Windows Analysis Report
ORDINE DI ACQUISTO URGENTE.exe

Overview

General Information

Sample Name: ORDINE DI ACQUISTO URGENTE.exe
Analysis ID: 753977
MD5: 30fed3bfa7e3fed7fbd5d60f1a444f2d
SHA1: b6080144f7cb27b4ad1e79cc65c14388bf87dcc5
SHA256: ae5f04e1939d8ce30342a717d15c99489f9afa411aacfdbc85a4f6af79013694

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
.NET source code contains potential unpacker
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Launches processes in debugging mode, may be used to hinder debugging
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • ORDINE DI ACQUISTO URGENTE.exe (PID: 2224 cmdline: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe MD5: 30FED3BFA7E3FED7FBD5D60F1A444F2D)
    • WerFault.exe (PID: 3920 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 3600 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: ORDINE DI ACQUISTO URGENTE.exe | Virustotal: Detection: 26%
Source: ORDINE DI ACQUISTO URGENTE.exe | ReversingLabs: Detection: 12%
Source: ORDINE DI ACQUISTO URGENTE.exe | Joe Sandbox ML: detected
Source: ORDINE DI ACQUISTO URGENTE.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ORDINE DI ACQUISTO URGENTE.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.244090320.0000000000242000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameOrVb.exe< vs ORDINE DI ACQUISTO URGENTE.exe
Source: ORDINE DI ACQUISTO URGENTE.exe | Binary or memory string: OriginalFilenameOrVb.exe< vs ORDINE DI ACQUISTO URGENTE.exe
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264
Source: ORDINE DI ACQUISTO URGENTE.exeVirustotal: Detection: 26%
Source: ORDINE DI ACQUISTO URGENTE.exeReversingLabs: Detection: 12%
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeFile read: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeJump to behavior
Source: ORDINE DI ACQUISTO URGENTE.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: ORDINE DI ACQUISTO URGENTE.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264Jump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2224
Source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.276057499.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.301200607.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.275817637.0000000000995000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2BD.tmpJump to behavior
Source: classification engineClassification label: mal56.evad.winEXE@5/4@0/0
Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: ORDINE DI ACQUISTO URGENTE.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: ORDINE DI ACQUISTO URGENTE.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: ORDINE DI ACQUISTO URGENTE.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: System.Core.ni.pdbRSDSD source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.Xml.ni.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: Accessibility.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000002.323227583.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.276057499.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.ni.pdbRSDS source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.Windows.Forms.pdbP source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: ORDINE DI ACQUISTO URGENTE.PDB source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.300514888.00000000006FC000.00000004.00000010.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.273186840.00000000006F7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbd source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.289272448.0000000006C78000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdbRSDS source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.289285429.0000000006C88000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.PDB source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.300514888.00000000006FC000.00000004.00000010.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.273186840.00000000006F7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Configuration.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbrc source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.300882369.0000000000946000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000002.322836606.0000000000967000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Windows.Feedback.WatsonDI ACQUISTO URGENTE.PDB source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.300882369.0000000000946000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000002.322836606.0000000000967000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbQ[ source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000002.323227583.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.276057499.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xml.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: :C:\Windows\SysWOW64\WerFault.exee\??\C:\Windows\SysWOW64\WerFault.exe63209-4053en-USenMicrosoft.Windows.Feedback.WatsonDI ACQUISTO URGENTE.PDBblrr source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.300458512.0000000000340000.00000004.00000001.00040000.00000000.sdmp
Source: Binary string: System.Windows.Forms.DataVisualization.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.276057499.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.301200607.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.275817637.0000000000995000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.ni.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: Microsoft.VisualBasic.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.Windows.Forms.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: Accessibility.pdbSystem.Windows.Forms.dllSystem.Windows.Forms.dll source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: mscorlib.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: c.pdbis source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.300514888.00000000006FC000.00000004.00000010.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.273186840.00000000006F7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.276057499.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Drawing.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: mscorlib.ni.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbsk source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000002.322836606.0000000000967000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: Microsoft.VisualBasic.pdbl source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.Core.pdbMicrosoft.VisualBasic.dllMicrosoft.VisualBasic.dll source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.Xml.ni.pdbRSDS source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: System.ni.pdb source: WERF2BD.tmp.dmp.11.dr
Source: Binary string: mscorlib.pdbL}g) source: ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.301034425.000000000095F000.00000004.00000020.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000002.322805975.000000000095F000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: ORDINE DI ACQUISTO URGENTE.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.0.ORDINE DI ACQUISTO URGENTE.exe.240000.0.unpack, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: ORDINE DI ACQUISTO URGENTE.exeStatic PE information: 0xD41BCFC1 [Wed Oct 7 09:54:09 2082 UTC]
Source: initial sampleStatic PE information: section name: .text entropy: 7.34282860276798
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe TID: 2368Thread sleep time: -42186s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeThread delayed: delay time: 42186Jump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264Jump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | 11 Process Injection | 11 Disable or Modify Tools | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 21 Virtualization/Sandbox Evasion | LSASS Memory | 21 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 11 Software Packing | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| Source | Detection | Scanner | Label |
|---|---|---|---|
| ORDINE DI ACQUISTO URGENTE.exe | 26% | Virustotal | |
| ORDINE DI ACQUISTO URGENTE.exe | 12% | ReversingLabs | ByteCode-MSIL.Trojan.Pwsx |
| ORDINE DI ACQUISTO URGENTE.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
                          • URL Reputation: safe
                          unknown
                          http://www.fontbureau.comgretaGORDINE DI ACQUISTO URGENTE.exe, 00000000.00000003.261430958.000000000560C000.00000004.00000800.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.287901825.0000000005600000.00000004.00000800.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000003.261279166.0000000005607000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.fontbureau.comltTFORDINE DI ACQUISTO URGENTE.exe, 00000000.00000003.261430958.000000000560C000.00000004.00000800.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000003.260973693.0000000005607000.00000004.00000800.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000000.287901825.0000000005600000.00000004.00000800.00020000.00000000.sdmp, ORDINE DI ACQUISTO URGENTE.exe, 00000000.00000003.261279166.0000000005607000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          No contacted IP infos
                          Joe Sandbox Version:36.0.0 Rainbow Opal
                          Analysis ID:753977
                          Start date and time:2022-11-25 18:12:37 +01:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 5m 9s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:ORDINE DI ACQUISTO URGENTE.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:15
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal56.evad.winEXE@5/4@0/0
                          EGA Information:Failed
                          HDC Information:Failed
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 0
                          • Number of non-executed functions: 0
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 52.168.117.173
                          • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com
                          • Not all processes were analyzed, report is missing behavior information
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.
                          Time | Type | Description
                          18:13:42 | API Interceptor | 1x Sleep call for process: ORDINE DI ACQUISTO URGENTE.exe modified
                          18:14:03 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                          No context
                          Process:C:\Windows\SysWOW64\WerFault.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):65536
                          Entropy (8bit):1.1325366051579553
                          Encrypted:false
                          SSDEEP:192:5Ax/JiokHBUZMXiaKeCikHKvP/u7sRS274Itt:5C/JnsBUZMXiaz/u7sRX4Itt
                          MD5:19071247BD81849F0DAEDA943561C3F7
                          SHA1:CC5EBCA286BEA2C3206612272D4703904BCD0A0E
                          SHA-256:A254C9A06EEB47A4D9DB333CA46D1B01177E12C7C58055A43DAB4594DAF4EEA0
                          SHA-512:07BF8F90C0D3B475064EB0D2645046E7B7DC083203449732BDA193A9F037518BCCB16660167AEB13304100B04050FF2C205481510B4CC744E2997B7098E837FB
                          Malicious:false
                          Reputation:low
                          Preview:
                          Version=1
                          EventType=CLR20r3
                          EventTime=133139024342623115
                          ReportType=2
                          Consent=1
                          UploadTime=133139024365592034
                          ReportStatus=524384
                          ReportIdentifier=e78f74cb-8bc8-4f4e-b244-0e235bc6f4be
                          IntegratorReportIdentifier=0834fc54-00ce-4719-8c7e-78466e423b8e
                          Wow64Host=34404
                          Wow64Guest=332
                          NsAppName=ORDINE DI ACQUISTO URGENTE.exe
                          OriginalFilename=OrVb.exe
                          AppSessionGuid=000008b0-0001-001f-5f10-22ad3c01d901
                          TargetAppId=W:0006c386b3aa019ccd9982d06a4c86a48ea400000000!0000b6080144f7cb27b4ad1e79cc
                          Process:C:\Windows\SysWOW64\WerFault.exe
                          File Type:Mini DuMP crash report, 14 streams, Sat Nov 26 02:13:55 2022, 0x1205a4 type
                          Category:dropped
                          Size (bytes):271049
                          Entropy (8bit):4.34882955852115
                          Encrypted:false
                          SSDEEP:3072:cZ+Xu420Pjd+pf6Op9gIOgF5uF0FUCgUWoeNEXpojRzzOh+WYbVw:cZj0IpBp9RpDO+TjWtNupCRzzOwWYb
                          MD5:587D45D50A30E41E51FF874BD662A1B9
                          SHA1:7D2F6A4C80849F4E493265C693899F12985B8D7C
                          SHA-256:678269431E400075D7170CCFB7DF16C2B496D60B7FC82F306A818E039776BD1F
                          SHA-512:7190C449D610EE9733875C25E7F5DEF5AE79A08F077E0240A7648A53FEFAC005A69BD75D6AFE780C118AA1D21061B3E2C594B787118C4A980115AC808597F96A
                          Malicious:false
                          Reputation:low
                          Process:C:\Windows\SysWOW64\WerFault.exe
                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):8488
                          Entropy (8bit):3.7190868779514226
                          Encrypted:false
                          SSDEEP:192:Rrl7r3GLNiEY6iC6YqRLSUMlIgmfZiYSlCprh89bHesfKNm:RrlsNiz636YASUMKgmfoYSDHdfJ
                          MD5:6F99E64B9D4F9EE0BF52AFC382EFE970
                          SHA1:3B1F70878D1EBB8828536B2BA6D9B32C30486695
                          SHA-256:9AD892B29E28B5D1BD4AD691FE2D875C67D4B7DA31AB5D4E8720826D23F85690
                          SHA-512:90742EB950BAC975854E9BB77B947303228A6F1BE2D3B8F092827DB763A7708856917C0EE8BCE4223B71970B794021EF60E495C3DEC2A4E387BD005116AFDC7C
                          Malicious:false
                          Reputation:low
                          Preview:
                          <?xml version="1.0" encoding="UTF-16"?>
                          <WERReportMetadata>
                            <OSVersionInformation>
                              <WindowsNTVersion>10.0</WindowsNTVersion>
                              <Build>17134</Build>
                              <Product>(0x30): Windows 10 Pro</Product>
                              <Edition>Professional</Edition>
                              <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString>
                              <Revision>1</Revision>
                              <Flavor>Multiprocessor Free</Flavor>
                              <Architecture>X64</Architecture>
                              <LCID>1033</LCID>
                            </OSVersionInformation>
                            <ProcessInformation>
                              <Pid>2224</Pid>
                          Process:C:\Windows\SysWOW64\WerFault.exe
                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):4829
                          Entropy (8bit):4.5861229965903005
                          Encrypted:false
                          SSDEEP:48:cvIwSD8zsMJgtWI9n3Wgc8sqYjm8fm8M4JptEtD8Fc+q8v7tD4FQtWVxtWwd:uITfKgGgrsqYvJbU5KJkF4WhWwd
                          MD5:036C78C38383C7B88E1E82E1B4CAE2E4
                          SHA1:094E777775181CE1EA02DF6CC24E6660E23757A3
                          SHA-256:BC9499EBB2828FF689409238E95E1D47C4D80E2C85C94D75FA659C5E9485CAAC
                          SHA-512:7F0A9EB195282CBC160B46913216DFC8C08AE1418F2D1FD9241AFA4639929FC23598BF49820839E9A96C49C591F433FCC205DF3E6F44A6E5AC6760D86EE884FE
                          Malicious:false
                          Reputation:low
                          Preview:
                          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
                          <req ver="2">
                           <tlm>
                            <src>
                             <desc>
                              <mach>
                               <os>
                                <arg nm="vermaj" val="10" />
                                <arg nm="vermin" val="0" />
                                <arg nm="verbld" val="17134" />
                                <arg nm="vercsdbld" val="1" />
                                <arg nm="verqfe" val="1" />
                                <arg nm="csdbld" val="1" />
                                <arg nm="versp" val="0" />
                                <arg nm="arch" val="9" />
                                <arg nm="lcid" val="1033" />
                                <arg nm="geoid" val="244" />
                                <arg nm="sku" val="48" />
                                <arg nm="domain" val="0" />
                                <arg nm="prodsuite" val="256" />
                                <arg nm="ntprodtype" val="1" />
                                <arg nm="platid" val="2" />
                                <arg nm="tmsi" val="1796364" />
                                <arg nm="osinsty" val="1" />
                                <arg nm="iever" val="11.1.17134.0-11.0.47" />
                                <arg nm="portos" val="0" />
                                <arg nm="ram" val="4096" />
                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):7.33634562269812
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          • Win32 Executable (generic) a (10002005/4) 49.75%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Windows Screen Saver (13104/52) 0.07%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          File name:ORDINE DI ACQUISTO URGENTE.exe
                          File size:869888
                          MD5:30fed3bfa7e3fed7fbd5d60f1a444f2d
                          SHA1:b6080144f7cb27b4ad1e79cc65c14388bf87dcc5
                          SHA256:ae5f04e1939d8ce30342a717d15c99489f9afa411aacfdbc85a4f6af79013694
                          SHA512:75a9242870523960d30a747a2b60a7be76d1bb59af5a7ebf005cd614c4a0fd2ee285f74de51817a1f9b8950c4a8fc8b652b4af88c24e004718e910a531e9f5d3
                          SSDEEP:12288:Sod2kWcRLDUVLwDdgT21GeumZJbxpDF81GmGqPBaynlmhGHqsSqyAeugqAPW6ET9:SodeFjBa5hCuNZ/A6CgUP
                          TLSH:12055BCF65603F45C26DABF0681334587FA16855044CE1E4AFE937CA1A37FADCA8162B
                          Icon Hash:00828e8e8686b000
                          Entrypoint:0x4d5df6
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp:0xD41BCFC1 [Wed Oct 7 09:54:09 2082 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                          Instruction
                          jmp dword ptr [00402000h]
                          add byte ptr [eax], al
                          Name | Virtual Address | Virtual Size | Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd5da4 | 0x4f | .text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd6000 | 0x39c | .rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd8000 | 0xc | .reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd5d88 | 0x1c | .text
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                          .text | 0x2000 | 0xd3dfc | 0xd3e00 | False | 0.6877535029498525 | data | 7.34282860276798 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rsrc | 0xd6000 | 0x39c | 0x400 | False | 0.3818359375 | data | 2.9323058510565096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc | 0xd8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                          Name | RVA | Size | Type | Language | Country
                          RT_VERSION | 0xd6058 | 0x340 | data | |
                          DLL | Import
                          mscoree.dll | _CorExeMain
                          No network behavior found


                          Target ID:0
                          Start time:18:13:29
                          Start date:25/11/2022
                          Path:C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Desktop\ORDINE DI ACQUISTO URGENTE.exe
                          Imagebase:0x240000
                          File size:869888 bytes
                          MD5 hash:30FED3BFA7E3FED7FBD5D60F1A444F2D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Reputation:low

                          Target ID:11
                          Start time:18:13:53
                          Start date:25/11/2022
                          Path:C:\Windows\SysWOW64\WerFault.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264
                          Imagebase:0xa10000
                          File size:434592 bytes
                          MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Reputation:high

                          Target ID:12
                          Start time:18:13:57
                          Start date:25/11/2022
                          Path:C:\Windows\SysWOW64\WerFault.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 1264
                          Imagebase:0xa10000
                          File size:434592 bytes
                          MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          No disassembly