
Windows Analysis Report
Documenti di spedizione 000293949040405959000.exe

Overview

General Information

Sample name: Documenti di spedizione 000293949040405959000.exe
Analysis ID: 1560838
MD5: 5d32495cf3af0094a17aa09f76b7d27c
SHA1: 3009c98452cd000828b3bf0ba8ad5b72d05c7f7e
SHA256: e6f50a0c2551c1d2593b8963bac95b0a3f4aad6d6b60d2a4e09d0c70dfd37649
Tags: AgentTesla, exe, FTP, ftp-concaribe-com, SPAM-ITA, user-JAMESWT_MHT

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
.NET source code contains potential unpacker
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

System is w10x64

Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
Malware configuration: {"Exfil Mode": "FTP", "Host": "ftp://ftp.concaribe.com", "Username": "testi@concaribe.com", "Password": "ro}UWgz#!38E"}
Yara matches in memory dumps

Source | Rule | Description | Author | Strings
00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.4543807005.00000000029C1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000002.00000002.4543807005.00000000029C1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Yara matches in unpacked PEs

Source | Rule | Description | Author | Strings
2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
  • 0x33afd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x33b6f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x33bf9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x33c8b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x33cf5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x33d67:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x33dfd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x33e8d:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen |
  • 0x30e3d:$s2: GetPrivateProfileString
  • 0x30540:$s3: get_OSFullName
  • 0x31c11:$s5: remove_Key
  • 0x31dd9:$s5: remove_Key
  • 0x32d01:$s6: FtpWebRequest
  • 0x33adf:$s7: logins
  • 0x34051:$s7: logins
  • 0x36d62:$s7: logins
  • 0x36e14:$s7: logins
  • 0x38766:$s7: logins
  • 0x379ae:$s9: 1.85 (Hash, version 2, native byte-order)
0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://ftp.concaribe.com | Avira URL Cloud: Label: malware
Source: http://concaribe.com | Avira URL Cloud: Label: malware
Source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.concaribe.com", "Username": "testi@concaribe.com", "Password": "ro}UWgz#!38E"}
Source: Documenti di spedizione 000293949040405959000.exe | ReversingLabs: Detection: 28%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Documenti di spedizione 000293949040405959000.exe | Joe Sandbox ML: detected
Source: Documenti di spedizione 000293949040405959000.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: Documenti di spedizione 000293949040405959000.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Joe Sandbox View | IP Address: 104.26.12.205
Source: Joe Sandbox View | IP Address: 192.185.13.234
Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: api.ipify.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: global traffic | DNS traffic detected: DNS query: ftp.concaribe.com
Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://concaribe.com
Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ftp.concaribe.com
Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.0000000002971000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Documenti di spedizione 000293949040405959000.exe, 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: https://aka.ms/console-logger
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: https://aka.ms/dotnet-test.
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: https://aka.ms/vstest-collect
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: https://aka.ms/vstest-configure-datacollector
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: https://aka.ms/vstest-runsettings-arguments
Source: Documenti di spedizione 000293949040405959000.exe, 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.0000000002971000.00000004.00000800.00020000.00000000.sdmp, Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org
Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.0000000002971000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/
Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.0000000002971000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/t
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706

System Summary

Source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: initial sample | Static PE information: Filename: Documenti di spedizione 000293949040405959000.exe
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 0_2_0115E14C
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_027DA228
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_027DB21D
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_027D4A58
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_027DDB08
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_027D3E40
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_027D4188
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_064EA8B4
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_064EA598
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_064EBDF0
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_064EDBF0
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_065066C0
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_065056A0
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_0650C240
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_0650B300
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_06502380
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_06507E40
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_06507760
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_0650E468
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_06500040
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_06505DC8
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_06500006
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Code function: 2_2_06500028
Source: Documenti di spedizione 000293949040405959000.exe, 00000000.00000002.2074519691.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameb6643012-12fd-45a5-9ab2-ac7e7ee5488b.exe4 vs Documenti di spedizione 000293949040405959000.exe
Source: Documenti di spedizione 000293949040405959000.exe, 00000000.00000000.2066101536.0000000000A92000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameWaves.exe, vs Documenti di spedizione 000293949040405959000.exe
Source: Documenti di spedizione 000293949040405959000.exe, 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSoftwareGame.dll: vs Documenti di spedizione 000293949040405959000.exe
Source: Documenti di spedizione 000293949040405959000.exe, 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameb6643012-12fd-45a5-9ab2-ac7e7ee5488b.exe4 vs Documenti di spedizione 000293949040405959000.exe
Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4542684748.0000000000AF9000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Documenti di spedizione 000293949040405959000.exe
Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4542512598.000000000043E000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameb6643012-12fd-45a5-9ab2-ac7e7ee5488b.exe4 vs Documenti di spedizione 000293949040405959000.exe
Source: Documenti di spedizione 000293949040405959000.exe | Binary or memory string: OriginalFilenameWaves.exe, vs Documenti di spedizione 000293949040405959000.exe
Source: Documenti di spedizione 000293949040405959000.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.5530000.2.raw.unpack, Form1.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.5530000.2.raw.unpack, Form1.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, Form1.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, Form1.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, Form1.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, Form1.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@5/0@2/2
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Mutant created: NULL
Source: Documenti di spedizione 000293949040405959000.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Documenti di spedizione 000293949040405959000.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Documenti di spedizione 000293949040405959000.exe | ReversingLabs: Detection: 28%
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: 5-?|--Help|/?|/Help
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: Microsoft.VisualStudio.TestPlatform.CommandLine.Resources.Resources/AddnlInfoMessagesBannerAAppContainerTestPrerequisiteFail/AppxBundleSourceWarning'AssemblyPathInvalid-AttachmentOutputFormat#AttachmentsBannerCAvailableDiscoverersHeaderMessage?AvailableExecutorsHeaderMessage1AvailableExtensionFormatCAvailableExtensionsMetadataFormat;AvailableLoggersHeaderMessageOAvailableSettingsProvidersHeaderMessage)AvailableTestsFormat#BatchSizeRequiredOBlameCollectDumpNotSupportedForPlatformeBlameCollectDumpTestTimeoutNotSupportedForPlatform)BlameIncorrectOption3BuildBasePathArgumentHelp+BuildBasePathNotFound'CannotBeNullOrEmpty5CLIRunSettingsArgumentHelp'CollectArgumentHelpECollectWithTestSettingErrorMessage!CommandLineError1CommandLineInformational%CommandLineWarning)CommaSeparatedFormat3ConfigurationArgumentHelp3CopyrightCommandLineTitleADataCollectorFriendlyNameInvalidDays)DbgTrcMessagesBanner9DesignModeClientTimeoutError+DisableAutoFakesUsageaDisablingCodeCoverageInAppContainerTestExecutionkDisablingCodeCoverageInPhoneAppContainerTestExecutioneDisablingDataCollectionInAppContainerTestExecutionoDisablingDataCollectionInPhoneAppContainerTestExecutionQDisablingDCOnExceptionWhileParsingDCInfo
Source: Documenti di spedizione 000293949040405959000.exe | String found in binary or memory: SettingFormat)SkippedTestIndicatorESomeTestsUnavailableAfterFiltering+SpecificTestsRequired!StacktraceBanner#StartingDiscovery#StartingExecution1StartTestSessionTimedOut)StdErrMessagesBanner)StdOutMessagesBanner/StopTestSessionTimedOut9StringFormatToJoinTwoStringsMSuggestTestAdapterPathIfNoTestsIsFound7SupportedFileTypesIndicator;SupportedFileWithoutSeparator5SupportedFileWithSeparatorGSwitchToIsolationInAppContainerModeKSwitchToIsolationInMultiTargetingModeQSwitchToIsolationInPhoneAppContainerMode'SwitchToNoIsolation=TestAdapterLoadingStrategyHelpMTestAdapterLoadingStrategyValueInvalid_TestAdapterLoadingStrategyValueInvalidRecursive7TestAdapterPathDoesNotExist'TestAdapterPathHelp9TestAdapterPathValueRequired_TestAdapterPathValueRequiredWhenStrategyXIsUsed5TestCaseFilterArgumentHelp7TestCaseFilterValueRequired
Source: unknown | Process created: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe "C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe"
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Process created: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe "C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe"
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: rasman.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                  Source: Documenti di spedizione 000293949040405959000.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Documenti di spedizione 000293949040405959000.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: Documenti di spedizione 000293949040405959000.exe, Tank.cs    .Net Code: Polan System.AppDomain.Load(byte[])
Source: Documenti di spedizione 000293949040405959000.exe    Static PE information: 0xA04BB9CD [Mon Mar 22 08:35:25 2055 UTC]
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Code function: 2_2_064EFEF0 push es; ret 2_2_064EFEF4
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Code function: 2_2_064E3FB7 push 24065EDAh; retf 2_2_064E3FD5
Source: Documenti di spedizione 000293949040405959000.exe    Static PE information: section name: .text entropy: 7.1490323177146875
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.5530000.2.raw.unpack, Form1.cs    High entropy of concatenated method names: 'oxycobaltammine', 'fringier', 'unchorded', 'wAhRr7CKv', 'Dispose', 'lVOGV1721', 'ULHqFVpPeqZbNsBNpV', 'TchE2TMnA4CKf52ZUf', 'f0mq9hQrUpsqOwSyGd', 'nTd0Zl0tx6BYOWEqZW'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.5530000.2.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs    High entropy of concatenated method names: 'pwiMsJJwOLAUrsrsiLrJk', 'vkJkyBAyMrJJZpZnJUUsB', 'pBDTEixOwwhDhOiywipLh', 'wZnEyxixGJZZTGvwQsrMDAvGiTwBJLT', 'erhT', 'aerhTteS46w', 'LvfQyBLvviAnvZJBUkfipTGCDTvQDxU', 'F6WFViyxW', 'TE3wDwuNS', 'MyGetProcAddressWrapper'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, Form1.cs    High entropy of concatenated method names: 'oxycobaltammine', 'fringier', 'unchorded', 'wAhRr7CKv', 'Dispose', 'lVOGV1721', 'ULHqFVpPeqZbNsBNpV', 'TchE2TMnA4CKf52ZUf', 'f0mq9hQrUpsqOwSyGd', 'nTd0Zl0tx6BYOWEqZW'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs    High entropy of concatenated method names: 'pwiMsJJwOLAUrsrsiLrJk', 'vkJkyBAyMrJJZpZnJUUsB', 'pBDTEixOwwhDhOiywipLh', 'wZnEyxixGJZZTGvwQsrMDAvGiTwBJLT', 'erhT', 'aerhTteS46w', 'LvfQyBLvviAnvZJBUkfipTGCDTvQDxU', 'F6WFViyxW', 'TE3wDwuNS', 'MyGetProcAddressWrapper'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, Form1.cs    High entropy of concatenated method names: 'oxycobaltammine', 'fringier', 'unchorded', 'wAhRr7CKv', 'Dispose', 'lVOGV1721', 'ULHqFVpPeqZbNsBNpV', 'TchE2TMnA4CKf52ZUf', 'f0mq9hQrUpsqOwSyGd', 'nTd0Zl0tx6BYOWEqZW'
Source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs    High entropy of concatenated method names: 'pwiMsJJwOLAUrsrsiLrJk', 'vkJkyBAyMrJJZpZnJUUsB', 'pBDTEixOwwhDhOiywipLh', 'wZnEyxixGJZZTGvwQsrMDAvGiTwBJLT', 'erhT', 'aerhTteS46w', 'LvfQyBLvviAnvZJBUkfipTGCDTvQDxU', 'F6WFViyxW', 'TE3wDwuNS', 'MyGetProcAddressWrapper'
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
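The three static findings above (a link timestamp of 0xA04BB9CD that decodes to the year 2055, a .text section at 7.149 bits per byte, and method names that look like random strings) are checks an analyst can reproduce without the sandbox. The script below is an added example, not part of the report or of Joe Sandbox's own code. It uses the standard library only; the report's values are copied in as constants, the minimal PE header it parses is constructed for the test, and the cut-offs (7.0 bits per byte for "packed", 1993 as the earliest plausible link date) are this example's own assumptions. Note the caveat in `timestamp_is_suspicious`: deterministic .NET builds also produce far-future-looking stamps, so the date alone is a lead rather than proof of tampering.

```python
"""Static checks behind the Data Obfuscation lines above: PE link timestamp, section
entropy and identifier entropy. Added example, not Joe Sandbox code; standard library
only, and the cut-offs are this example's own assumptions, not the sandbox's rules."""
import math
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Values copied from the report lines above.
REPORT_TIMESTAMP = 0xA04BB9CD
REPORT_TEXT_ENTROPY = 7.1490323177146875
REPORT_METHOD_NAMES = [
    'oxycobaltammine', 'fringier', 'unchorded', 'wAhRr7CKv', 'Dispose',
    'lVOGV1721', 'ULHqFVpPeqZbNsBNpV', 'TchE2TMnA4CKf52ZUf',
    'f0mq9hQrUpsqOwSyGd', 'nTd0Zl0tx6BYOWEqZW',
]

_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
_PE_ERA_START_UNIX = 725846400  # 1993-01-01 UTC; assumed floor, no PE predates the format


def pe_timestamp_to_utc(ts: int) -> datetime:
    """IMAGE_FILE_HEADER.TimeDateStamp is an unsigned 32-bit count of seconds since the
    Unix epoch; 0xA04BB9CD decodes to Mon 2055-03-22 08:35:25 UTC, as the report says."""
    return _EPOCH + timedelta(seconds=ts & 0xFFFFFFFF)


def timestamp_from_pe(data: bytes) -> int:
    """Read TimeDateStamp from raw headers: e_lfanew at 0x3C points at the 4-byte PE
    signature, followed by the COFF header Machine(2) NumberOfSections(2) TimeDateStamp(4)."""
    if data[:2] != b'MZ':
        raise ValueError('not an MZ image')
    (e_lfanew,) = struct.unpack_from('<I', data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('PE signature not found')
    (ts,) = struct.unpack_from('<I', data, e_lfanew + 8)
    return ts


def timestamp_is_suspicious(ts: int, now_unix: Optional[int] = None) -> bool:
    """Assumed rule: a link time later than now, or earlier than the PE format (1993),
    was not produced by a normal build. Caveat: Roslyn deterministic builds replace the
    stamp with a content hash (high bit set), which also decodes to a far-future date,
    so corroborate before calling it tampering."""
    if now_unix is None:
        now_unix = int((datetime.now(timezone.utc) - _EPOCH).total_seconds())
    ts &= 0xFFFFFFFF
    return ts > now_unix or ts < _PE_ERA_START_UNIX


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform spread over all 256 values."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_looks_packed(entropy: float, threshold: float = 7.0) -> bool:
    """Assumed cut-off: ordinary native or MSIL code sits well below 7 bits/byte; values
    approaching 8 (the report's .text is 7.149) mean compressed or encrypted payload."""
    return entropy >= threshold


def method_name_entropy(names: List[str]) -> float:
    """Approximation of the 'high entropy of concatenated method names' signature:
    entropy of the identifiers joined into one string."""
    return shannon_entropy(''.join(names).encode('utf-8'))


def minimal_pe_header(ts: int) -> bytes:
    """Constructed test input: an MZ stub whose e_lfanew points at a bare PE/COFF header."""
    header = bytearray(0x80)
    header[:2] = b'MZ'
    struct.pack_into('<I', header, 0x3C, 0x40)
    header[0x40:0x44] = b'PE\0\0'
    struct.pack_into('<HHI', header, 0x44, 0x14C, 3, ts)  # Machine=i386, 3 sections, stamp
    return bytes(header)


def triage(ts: int, text_entropy: float, names: List[str],
           now_unix: Optional[int] = None) -> Dict[str, object]:
    """Run the three checks together, as a sandbox would, and return the verdicts."""
    return {
        'link_time_utc': pe_timestamp_to_utc(ts).isoformat(),
        'timestamp_suspicious': timestamp_is_suspicious(ts, now_unix),
        'text_looks_packed': section_looks_packed(text_entropy),
        'method_name_entropy': round(method_name_entropy(names), 2),
    }


if __name__ == '__main__':
    print(triage(REPORT_TIMESTAMP, REPORT_TEXT_ENTROPY, REPORT_METHOD_NAMES))
```

To apply `timestamp_from_pe` to the real sample, pass `open(path, 'rb').read()`; computing the per-section entropy the report quotes additionally needs the section table (PointerToRawData and SizeOfRawData per IMAGE_SECTION_HEADER), which this example leaves out.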
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Process information set: NOOPENFILEERRORBOX (logged 100 times)

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Memory allocated: 1150000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Memory allocated: 2EB0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Memory allocated: 2DD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Memory allocated: 2790000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Memory allocated: 2970000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Memory allocated: 4970000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599875
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599765
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599653
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599546
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599437
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599328
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599218
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 599109
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598998
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598890
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598781
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598671
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598562
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598453
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598342
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598234
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598124
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 598015
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597906
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597796
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597687
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597578
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597468
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597359
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597249
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597140
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 597031
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596921
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596812
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596703
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596593
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596484
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596374
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596265
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596156
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 596046
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595937
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595828
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595718
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595609
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595499
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595390
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595281
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595171
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 595062
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 594953
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 594843
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 594734
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Thread delayed: delay time: 594624
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Window / User API: threadDelayed 8259
Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe    Window / User API: threadDelayed 1599
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -23980767295822402s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599875s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 6768Thread sleep count: 8259 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 6768Thread sleep count: 1599 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599653s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599546s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599437s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599328s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599218s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -599109s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598998s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598890s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598781s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598671s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598562s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598453s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598342s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598234s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598124s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -598015s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597906s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597796s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597687s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597578s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597468s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597359s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597249s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597140s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -597031s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596921s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596812s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596703s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596593s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596484s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596374s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596265s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596156s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -596046s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595937s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595828s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595718s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595609s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595499s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595390s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595281s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595171s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -595062s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -594953s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -594843s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -594734s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe TID: 320Thread sleep time: -594624s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 600000
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599875
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599765
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599653
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599546
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599437
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599328
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599218
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 599109
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598998
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598890
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598781
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598671
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598562
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598453
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598342
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598234
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598124
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 598015
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597906
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597796
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597687
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597578
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597468
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597359
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597249
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597140
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 597031
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596921
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596812
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596703
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596593
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596484
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596374
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596265
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596156
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 596046
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595937
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595828
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595718
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595609
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595499
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595390
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595281
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595171
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 595062
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 594953
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 594843
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 594734
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Thread delayed: delay time: 594624
                  Source: Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4545882419.0000000005C80000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Memory allocated: page read and write | page guard
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Process created: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe "C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe"
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Process created: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe "C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe"
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Documenti di spedizione 000293949040405959000.exe, 00000000.00000000.2066101536.0000000000A92000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: procdump.exe

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000002.4543807005.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Documenti di spedizione 000293949040405959000.exe PID: 6396, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: Documenti di spedizione 000293949040405959000.exe PID: 2260, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\FTP Navigator\Ftplist.txt
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                  Source: C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                  Source: Yara match | File source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000002.00000002.4543807005.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Documenti di spedizione 000293949040405959000.exe PID: 6396, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: Documenti di spedizione 000293949040405959000.exe PID: 2260, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 2.2.Documenti di spedizione 000293949040405959000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Documenti di spedizione 000293949040405959000.exe.3f3c9b0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Documenti di spedizione 000293949040405959000.exe.3efaf80.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000002.4543807005.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Documenti di spedizione 000293949040405959000.exe PID: 6396, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: Documenti di spedizione 000293949040405959000.exe PID: 2260, type: MEMORYSTR
                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                  Windows Management Instrumentation
                  1
                  DLL Side-Loading
                  1
                  DLL Side-Loading
                  1
                  Disable or Modify Tools
                  2
                  OS Credential Dumping
                  1
                  File and Directory Discovery
                  Remote Services11
                  Archive Collected Data
                  1
                  Ingress Tool Transfer
                  Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts2
                  Command and Scripting Interpreter
                  Boot or Logon Initialization Scripts11
                  Process Injection
                  1
                  Deobfuscate/Decode Files or Information
                  1
                  Credentials in Registry
                  24
                  System Information Discovery
                  Remote Desktop Protocol2
                  Data from Local System
                  11
                  Encrypted Channel
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
                  Obfuscated Files or Information
                  Security Account Manager1
                  Query Registry
                  SMB/Windows Admin Shares1
                  Email Collection
                  2
                  Non-Application Layer Protocol
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                  Software Packing
                  NTDS121
                  Security Software Discovery
                  Distributed Component Object ModelInput Capture13
                  Application Layer Protocol
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Timestomp
                  LSA Secrets1
                  Process Discovery
                  SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading
                  Cached Domain Credentials141
                  Virtualization/Sandbox Evasion
                  VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items141
                  Virtualization/Sandbox Evasion
                  DCSync1
                  Application Window Discovery
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                  Process Injection
                  Proc Filesystem1
                  System Network Configuration Discovery
                  Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Source | Detection | Scanner | Label | Link
                  Documenti di spedizione 000293949040405959000.exe | 29% | ReversingLabs | |
                  Documenti di spedizione 000293949040405959000.exe | 100% | Joe Sandbox ML | |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://ftp.concaribe.com | 100% | Avira URL Cloud | malware |
                  http://concaribe.com | 100% | Avira URL Cloud | malware |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  api.ipify.org | 104.26.12.205 | true | false | | high
                  concaribe.com | 192.185.13.234 | true | true | | unknown
                  ftp.concaribe.com | unknown | unknown | true | | unknown
                        NameMaliciousAntivirus DetectionReputation
                        https://api.ipify.org/false
                          high
Name | Source | Malicious | Antivirus Detection | Reputation
https://api.ipify.org | Documenti di spedizione 000293949040405959000.exe, 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.0000000002971000.00000004.00000800.00020000.00000000.sdmp, Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
http://ftp.concaribe.com | Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://aka.ms/dotnet-test. | Documenti di spedizione 000293949040405959000.exe | false | | high
https://aka.ms/vstest-configure-datacollector | Documenti di spedizione 000293949040405959000.exe | false | | high
https://account.dyn.com/ | Documenti di spedizione 000293949040405959000.exe, 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
http://concaribe.com | Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://api.ipify.org/t | Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.0000000002971000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Documenti di spedizione 000293949040405959000.exe, 00000002.00000002.4543807005.0000000002971000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aka.ms/vstest-runsettings-arguments | Documenti di spedizione 000293949040405959000.exe | false | | high
https://aka.ms/console-logger | Documenti di spedizione 000293949040405959000.exe | false | | high
https://aka.ms/vstest-collect | Documenti di spedizione 000293949040405959000.exe | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | US | 13335 | CLOUDFLARENET | false
192.185.13.234 | concaribe.com | United States | US | 46606 | UNIFIEDLAYER-AS-1 | true
                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1560838
                                            Start date and time:2024-11-22 11:55:07 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 7m 18s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:Documenti di spedizione 000293949040405959000.exe
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@5/0@2/2
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HCA Information:
                                            • Successful, ratio: 99%
                                            • Number of executed functions: 71
                                            • Number of non-executed functions: 7
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • VT rate limit hit for: Documenti di spedizione 000293949040405959000.exe
Time | Type | Description
05:56:03 | API Interceptor | 11698437x Sleep call for process: Documenti di spedizione 000293949040405959000.exe modified
                                            No created / dropped files found
                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.137699977023649
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Windows Screen Saver (13104/52) 0.07%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            File name:Documenti di spedizione 000293949040405959000.exe
                                            File size:598'016 bytes
                                            MD5:5d32495cf3af0094a17aa09f76b7d27c
                                            SHA1:3009c98452cd000828b3bf0ba8ad5b72d05c7f7e
                                            SHA256:e6f50a0c2551c1d2593b8963bac95b0a3f4aad6d6b60d2a4e09d0c70dfd37649
                                            SHA512:afa9331ef7fdf6b261b1a1164af17ab52fccb3f24ff659bd6242bf01ba210989bf326e4ba0141cdbb994f0759061f87e498a86fad7d77d566aa26dfcad35ebc1
                                            SSDEEP:12288:7O7LcE7rjYvGrCLXBozBd6bRMgvChOW1AsQ6nBhhdBrGZ:ZEcu29ozBUVMgvNW1AsQOfRG
                                            TLSH:01D47B44A3F84A29F2FB6F74BAB854214A33FC47AD36E66D254C208D1B63B50D960773
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....K...............0..............5... ...@....@.. ....................................@................................
                                            Icon Hash:00928e8e8686b000
                                            Entrypoint:0x49350e
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0xA04BB9CD [Mon Mar 22 08:35:25 2055 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction (entrypoint disassembly)
jmp dword ptr [00402000h]
(the remaining bytes at the entrypoint are zero padding, which disassembles as repeated "add byte ptr [eax], al")
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x934bc | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x94000 | 0x586 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x96000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x91514 | 0x91600 | 2a1574129f89f6c4b0949b2f0b2e1129 | False | 0.6438662134565778 | SysEx File - | 7.1490323177146875 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x94000 | 0x586 | 0x600 | 3725bc2916ed261fb7504eaa278107ef | False | 0.4134114583333333 | data | 4.021983263157424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x96000 | 0xc | 0x200 | 0760b0782746b15bc40a395c2b19145b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x940a0 | 0x2fc | data | | | 0.43848167539267013
RT_MANIFEST | 0x9439c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 22, 2024 11:56:02.627371073 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:02.627474070 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:02.627573967 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:02.633796930 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:02.633833885 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:03.858349085 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:03.858460903 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:04.065332890 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:04.065371990 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:04.065836906 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:04.108385086 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:04.200516939 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:04.247324944 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:04.524168015 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:04.524256945 CET | 443 | 49706 | 104.26.12.205 | 192.168.2.5
Nov 22, 2024 11:56:04.524333000 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:04.530807018 CET | 49706 | 443 | 192.168.2.5 | 104.26.12.205
Nov 22, 2024 11:56:05.771034956 CET | 49708 | 21 | 192.168.2.5 | 192.185.13.234
Nov 22, 2024 11:56:05.891618013 CET | 21 | 49708 | 192.185.13.234 | 192.168.2.5
Nov 22, 2024 11:56:05.891736031 CET | 49708 | 21 | 192.168.2.5 | 192.185.13.234
Nov 22, 2024 11:56:05.897455931 CET | 49708 | 21 | 192.168.2.5 | 192.185.13.234
Nov 22, 2024 11:56:06.017201900 CET | 21 | 49708 | 192.185.13.234 | 192.168.2.5
Nov 22, 2024 11:56:06.017379999 CET | 49708 | 21 | 192.168.2.5 | 192.185.13.234
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 22, 2024 11:56:02.476547003 CET | 50339 | 53 | 192.168.2.5 | 1.1.1.1
Nov 22, 2024 11:56:02.618993998 CET | 53 | 50339 | 1.1.1.1 | 192.168.2.5
Nov 22, 2024 11:56:05.080461979 CET | 58137 | 53 | 192.168.2.5 | 1.1.1.1
Nov 22, 2024 11:56:05.769383907 CET | 53 | 58137 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 22, 2024 11:56:02.476547003 CET | 192.168.2.5 | 1.1.1.1 | 0x60a0 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 22, 2024 11:56:05.080461979 CET | 192.168.2.5 | 1.1.1.1 | 0x283a | Standard query (0) | ftp.concaribe.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 22, 2024 11:56:02.618993998 CET | 1.1.1.1 | 192.168.2.5 | 0x60a0 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 22, 2024 11:56:02.618993998 CET | 1.1.1.1 | 192.168.2.5 | 0x60a0 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 22, 2024 11:56:02.618993998 CET | 1.1.1.1 | 192.168.2.5 | 0x60a0 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 22, 2024 11:56:05.769383907 CET | 1.1.1.1 | 192.168.2.5 | 0x283a | No error (0) | ftp.concaribe.com | concaribe.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 22, 2024 11:56:05.769383907 CET | 1.1.1.1 | 192.168.2.5 | 0x283a | No error (0) | concaribe.com | | 192.185.13.234 | A (IP address) | IN (0x0001) | false
                                            • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49706 | 104.26.12.205 | 443 | 2260 | C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-22 10:56:04 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-22 10:56:04 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Fri, 22 Nov 2024 10:56:04 GMT
Content-Type: text/plain
Content-Length: 11
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e68640b38eb420a-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1582&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1798029&cwnd=250&unsent_bytes=0&cid=202c12398174d86c&ts=680&x=0"
2024-11-22 10:56:04 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
Data Ascii: 8.46.123.75


                                            Target ID:0
                                            Start time:05:56:00
                                            Start date:22/11/2024
                                            Path:C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe"
                                            Imagebase:0xa90000
                                            File size:598'016 bytes
                                            MD5 hash:5D32495CF3AF0094A17AA09F76B7D27C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2074626158.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:1
                                            Start time:05:56:00
                                            Start date:22/11/2024
                                            Path:C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe"
                                            Imagebase:0x1f0000
                                            File size:598'016 bytes
                                            MD5 hash:5D32495CF3AF0094A17AA09F76B7D27C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            Target ID:2
                                            Start time:05:56:00
                                            Start date:22/11/2024
                                            Path:C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Documenti di spedizione 000293949040405959000.exe"
                                            Imagebase:0x5e0000
                                            File size:598'016 bytes
                                            MD5 hash:5D32495CF3AF0094A17AA09F76B7D27C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4543807005.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4543807005.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4543807005.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4542512598.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:false

                                              Execution Graph

                                              Execution Coverage:7.5%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:33
                                              Total number of Limit Nodes:3
                                              execution_graph 16408 115d5e0 16409 115d626 GetCurrentProcess 16408->16409 16411 115d671 16409->16411 16412 115d678 GetCurrentThread 16409->16412 16411->16412 16413 115d6b5 GetCurrentProcess 16412->16413 16414 115d6ae 16412->16414 16415 115d6eb 16413->16415 16414->16413 16416 115d713 GetCurrentThreadId 16415->16416 16417 115d744 16416->16417 16418 115d828 DuplicateHandle 16419 115d8be 16418->16419 16420 115b258 16423 115b33f 16420->16423 16421 115b267 16424 115b361 16423->16424 16425 115b384 16423->16425 16424->16425 16426 115b588 GetModuleHandleW 16424->16426 16425->16421 16427 115b5b5 16426->16427 16427->16421 16428 1154668 16429 115467a 16428->16429 16430 1154686 16429->16430 16432 1154781 16429->16432 16433 1154787 16432->16433 16437 1154878 16433->16437 16441 1154888 16433->16441 16438 115487f 16437->16438 16440 115498c 16438->16440 16445 1154248 16438->16445 16443 11548af 16441->16443 16442 115498c 16442->16442 16443->16442 16444 1154248 CreateActCtxA 16443->16444 16444->16442 16446 1155918 CreateActCtxA 16445->16446 16448 11559db 16446->16448

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 294 115d5d0-115d66f GetCurrentProcess 298 115d671-115d677 294->298 299 115d678-115d6ac GetCurrentThread 294->299 298->299 300 115d6b5-115d6e9 GetCurrentProcess 299->300 301 115d6ae-115d6b4 299->301 302 115d6f2-115d70d call 115d7b0 300->302 303 115d6eb-115d6f1 300->303 301->300 307 115d713-115d742 GetCurrentThreadId 302->307 303->302 308 115d744-115d74a 307->308 309 115d74b-115d7ad 307->309 308->309
                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 0115D65E
                                              • GetCurrentThread.KERNEL32 ref: 0115D69B
                                              • GetCurrentProcess.KERNEL32 ref: 0115D6D8
                                              • GetCurrentThreadId.KERNEL32 ref: 0115D731
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: 7966e1b0eeb01296cd409d7e8687b0d4c1ad5654b420a52326084a095d5a2864
                                              • Instruction ID: d395bd63ee833c741264d1c856474db12a12e28ebda9f089a23f0e3a2a3792f7
                                              • Opcode Fuzzy Hash: 7966e1b0eeb01296cd409d7e8687b0d4c1ad5654b420a52326084a095d5a2864
                                              • Instruction Fuzzy Hash: D35144B0900249CFDB58DFAAD548BAEBFF1EF49304F20C45AD419A7261D7389884CB65

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 316 115d5e0-115d66f GetCurrentProcess 320 115d671-115d677 316->320 321 115d678-115d6ac GetCurrentThread 316->321 320->321 322 115d6b5-115d6e9 GetCurrentProcess 321->322 323 115d6ae-115d6b4 321->323 324 115d6f2-115d70d call 115d7b0 322->324 325 115d6eb-115d6f1 322->325 323->322 329 115d713-115d742 GetCurrentThreadId 324->329 325->324 330 115d744-115d74a 329->330 331 115d74b-115d7ad 329->331 330->331
                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 0115D65E
                                              • GetCurrentThread.KERNEL32 ref: 0115D69B
                                              • GetCurrentProcess.KERNEL32 ref: 0115D6D8
                                              • GetCurrentThreadId.KERNEL32 ref: 0115D731
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: ff0102c393602b0a08f6c1f11c6a43a7970179a4a2651cd58810bbca65b4f6b1
                                              • Instruction ID: b4ac5986b5cdb376611bcd02ef65193cc91d687a036e6270b961f5e560a5c27d
                                              • Opcode Fuzzy Hash: ff0102c393602b0a08f6c1f11c6a43a7970179a4a2651cd58810bbca65b4f6b1
                                              • Instruction Fuzzy Hash: F85145B0900249CFDB58DFAAD548BAEBFF5EF49304F20C45AE419A7260D7349884CB65

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 361 115b33f-115b35f 362 115b361-115b36e call 1159dc8 361->362 363 115b38b-115b38f 361->363 368 115b384 362->368 369 115b370 362->369 365 115b391-115b39b 363->365 366 115b3a3-115b3e4 363->366 365->366 372 115b3e6-115b3ee 366->372 373 115b3f1-115b3ff 366->373 368->363 416 115b376 call 115b5e8 369->416 417 115b376 call 115b5da 369->417 372->373 374 115b401-115b406 373->374 375 115b423-115b425 373->375 377 115b411 374->377 378 115b408-115b40f call 115b004 374->378 380 115b428-115b42f 375->380 376 115b37c-115b37e 376->368 379 115b4c0-115b580 376->379 382 115b413-115b421 377->382 378->382 411 115b582-115b585 379->411 412 115b588-115b5b3 GetModuleHandleW 379->412 383 115b431-115b439 380->383 384 115b43c-115b443 380->384 382->380 383->384 386 115b445-115b44d 384->386 387 115b450-115b459 call 115b014 384->387 386->387 392 115b466-115b46b 387->392 393 115b45b-115b463 387->393 394 115b46d-115b474 392->394 395 115b489-115b48d 392->395 393->392 394->395 397 115b476-115b486 call 115b024 call 115b034 394->397 418 115b490 call 115b8e1 395->418 419 115b490 call 115b940 395->419 420 115b490 call 115b8e8 395->420 397->395 400 115b493-115b496 402 115b4b9-115b4bf 400->402 403 115b498-115b4b6 400->403 403->402 411->412 413 115b5b5-115b5bb 412->413 414 115b5bc-115b5d0 412->414 413->414 416->376 417->376 418->400 419->400 420->400
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0115B5A6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 79615ab250eb58ce959a85696603854396996fd916ce6bec75b8998e51153dab
                                              • Instruction ID: 7af5a04bab26f32f1e30e6bc8d09b9bc4c9da879d0264139ac685644cfdcb07a
                                              • Opcode Fuzzy Hash: 79615ab250eb58ce959a85696603854396996fd916ce6bec75b8998e51153dab
                                              • Instruction Fuzzy Hash: 03814670A04B05CFD7A8DF29D0447AABBF2FF48204F10892ED9AAD7A50D734E845CB95

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 421 1154248-11559d9 CreateActCtxA 424 11559e2-1155a3c 421->424 425 11559db-11559e1 421->425 432 1155a3e-1155a41 424->432 433 1155a4b-1155a4f 424->433 425->424 432->433 434 1155a51-1155a5d 433->434 435 1155a60 433->435 434->435 437 1155a61 435->437 437->437
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 011559C9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 812e856f93687f639947c2ba02869fe1e402c4f680cc7fdbe411c6fa8597dc1d
                                              • Instruction ID: 4098c647d7d314a55464d337b6bfc8616b30f42ba6ed0267c8ab3872c1254318
                                              • Opcode Fuzzy Hash: 812e856f93687f639947c2ba02869fe1e402c4f680cc7fdbe411c6fa8597dc1d
                                              • Instruction Fuzzy Hash: EB41F2B0C0071DCBDB68CFA9C844B9DBBF6BF49304F20806AD418AB251DB756946CF91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 438 115d828-115d8bc DuplicateHandle 439 115d8c5-115d8e2 438->439 440 115d8be-115d8c4 438->440 440->439
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0115D8AF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: e24df82f858317cab57254e079c6175b2654dc4ab5e92f102704021f0b62cf84
                                              • Instruction ID: 44d46751ea90593d9d8f4140e7a98e64140eefa2b7d507f8f55ce9df605747d0
                                              • Opcode Fuzzy Hash: e24df82f858317cab57254e079c6175b2654dc4ab5e92f102704021f0b62cf84
                                              • Instruction Fuzzy Hash: 8D21B3B5900248DFDB10CF9AD584ADEBBF9FB48310F14845AE918A7350D378A944CFA5

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 443 115d821-115d8bc DuplicateHandle 444 115d8c5-115d8e2 443->444 445 115d8be-115d8c4 443->445 445->444
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0115D8AF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 64b729c80eaa981ee3cb3e6dbac54c1e1ef82094e7baf9dd0c20cc58e57fc5fe
                                              • Instruction ID: c19260590e40c038b41a2caa6fc05bb90dae108e228ec44cd338112243d8c1e6
                                              • Opcode Fuzzy Hash: 64b729c80eaa981ee3cb3e6dbac54c1e1ef82094e7baf9dd0c20cc58e57fc5fe
                                              • Instruction Fuzzy Hash: FA21E0B5900208DFDB10CFA9D584ADEBBF4FB08310F14845AE918A7210C378A944CFA5

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 448 115b540-115b580 449 115b582-115b585 448->449 450 115b588-115b5b3 GetModuleHandleW 448->450 449->450 451 115b5b5-115b5bb 450->451 452 115b5bc-115b5d0 450->452 451->452
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0115B5A6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 347335c33ec4c13e398774a8ca7cae1656850602a2c2bcdddbbdf61ea4a170d0
                                              • Instruction ID: 4488b579e23a10125b6169eeb78aa3a6db77d1af18b60a349b9cdf223d6b8a88
                                              • Opcode Fuzzy Hash: 347335c33ec4c13e398774a8ca7cae1656850602a2c2bcdddbbdf61ea4a170d0
                                              • Instruction Fuzzy Hash: FA110FB5C002498FDB14DF9AC444A9EFBF9EB89314F10841AD929B7200C379A545CFA5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2071741890.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_10ed000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: becb15297c70a0d7b93c397fa6872ba1bcd9393bde7f502cace7fe83700e2d36
                                              • Instruction ID: 19743ca56537d5cb38b80e35ead99306f8565d49dd934024f32515f6bd0cc8c2
                                              • Opcode Fuzzy Hash: becb15297c70a0d7b93c397fa6872ba1bcd9393bde7f502cace7fe83700e2d36
                                              • Instruction Fuzzy Hash: 01210371600244DFDB05DF98D9C8F2ABFE5FB98310F2485A9E98D0B256C33AD416CBA1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2071832483.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_10fd000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7c5b323d411f8d201df6ca14721c132982a98803163931e06f071bf00d60a895
                                              • Instruction ID: 979bc18b57ffab6a32bfdc1b75e2856d780ea7e6196960c74b835f86ddc050d7
                                              • Opcode Fuzzy Hash: 7c5b323d411f8d201df6ca14721c132982a98803163931e06f071bf00d60a895
                                              • Instruction Fuzzy Hash: 10212571504200DFDB15DF68D581B16BFA5FB84314F20C5ADEA894B756C33AD407CB61
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2071741890.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_10ed000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                              • Instruction ID: 96eb0a97754d21cf01597a5d1895284993ca3ef4d4f631f8022cc54d2e99dd88
                                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                              • Instruction Fuzzy Hash: 2711AF76504280CFDB06CF54D5C8B16BFB2FB88314F24C5A9D9890B657C336D45ACBA2
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2071832483.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_10fd000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction ID: a307fca5768906321e53a098932bdbba624da7378b95e9cc8c2871d83360fe43
                                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction Fuzzy Hash: D211D075504280CFDB16CF54D5C4B15FFA2FB84314F24C6AEE9494B656C33AD40ACB62
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2072305058.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1150000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b7edaefa5f3ac33823d8e89386027ebafa30d02c54b66460fa4072f6ce5cd0e2
                                              • Instruction ID: e3479fe05d9d16ca6aa25c4121b552baf3fd80719d2a3c719c903e2cd274dcb9
                                              • Opcode Fuzzy Hash: b7edaefa5f3ac33823d8e89386027ebafa30d02c54b66460fa4072f6ce5cd0e2
                                              • Instruction Fuzzy Hash: 38A18032E00216CFCF19DFB4C8845DEBBB6FF85300B15456AE925AB265DB31EA06CB40

                                              Execution Graph

                                              Execution Coverage:12.3%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:86
                                              Total number of Limit Nodes:12
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465
                                              • Opcode ID: 658ce4d59f232f021c918912c4027d42124df8a6ca897d52f9d71bb6e2494efd
                                              • Instruction ID: 52e90ea6a6a624ee8174a049cf981e3ad26a14a369c0a9030e62f3faae394954
                                              • Opcode Fuzzy Hash: 658ce4d59f232f021c918912c4027d42124df8a6ca897d52f9d71bb6e2494efd
                                              • Instruction Fuzzy Hash: 37E23834E002098FDB64DF68C598A9DB7F2FF89310F5485A9D449AB2A5EB34ED85CF40
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465
                                              • Opcode ID: c440f5376a035e5dd2ee69badb51dc5db56263a1ef7180d691f3945cb61d7a55
                                              • Instruction ID: e4ee0af469e49f2c9e7860cd95d9bff436d5aa7cd0641aa49b24b777820ab3dd
                                              • Opcode Fuzzy Hash: c440f5376a035e5dd2ee69badb51dc5db56263a1ef7180d691f3945cb61d7a55
                                              • Instruction Fuzzy Hash: BD527F30E102099FEF64DB68D4D07AEB7B6FB85310F20892AE405DB295DB36DD85CB91

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927
                                              • Opcode ID: 8a064f4c62af19a0a73e9874d0ecd3915223e097bf7e5f46f4f868f2ce584fe6
                                              • Instruction ID: bdcf199f40d900c3f58402352ee2542557d9997c97f0c115cfbe5f140e3782f6
                                              • Opcode Fuzzy Hash: 8a064f4c62af19a0a73e9874d0ecd3915223e097bf7e5f46f4f868f2ce584fe6
                                              • Instruction Fuzzy Hash: 45027C30B002159FEF58DF68D890AAEB7E6FF88304F148529D4099B395DB35EC86CB81
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cef0891f34cc99ee51383a1ac9457fda8986ef2a737012a3c8d9fa35908ca327
                                              • Instruction ID: 732b50b0f0a6e586dda35c75299e69d3611f3d3acb75dcd7576de9f139a7ce84
                                              • Opcode Fuzzy Hash: cef0891f34cc99ee51383a1ac9457fda8986ef2a737012a3c8d9fa35908ca327
                                              • Instruction Fuzzy Hash: 4F62AC34B002058FEB54DB68D594AADB7F2FF88314F248469E409EB395DB35ED56CB80
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 789f1822ed53671f9778b8210ded21de13c38fc3ace913faedfae21df9781cb3
                                              • Instruction ID: b06662102a4069634a1e08586a96b301a4b53c30e1e4b6d6ec89a8ecce2d92ec
                                              • Opcode Fuzzy Hash: 789f1822ed53671f9778b8210ded21de13c38fc3ace913faedfae21df9781cb3
                                              • Instruction Fuzzy Hash: F2328F34B102058FEB54DF68D990AADB7B6FB89310F108629E405DB395DB35EC46CB91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 76e13571df13c61cef7e0e15963e364d8d256bce426ae0cd6a623954da814701
                                              • Instruction ID: 193f22f969d744c3be872e6c1d3fd16793c2d6eade40deb7982f0471a65fe58f
                                              • Opcode Fuzzy Hash: 76e13571df13c61cef7e0e15963e364d8d256bce426ae0cd6a623954da814701
                                              • Instruction Fuzzy Hash: EE12B331F102059FEB64DB64D98066EBBB2FF84310F24886AD8599B385EA34DD45CF91

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-1273862796
                                              • Opcode ID: b6bfa967e98b94f543b351a1b94e83ad9c7973d96a632a529bfb1933543bffd7
                                              • Instruction ID: 64f44ca125e075415f8c8bce7c82fabb60d8adfaa81e3af22fa7fdae193a6ba1
                                              • Opcode Fuzzy Hash: b6bfa967e98b94f543b351a1b94e83ad9c7973d96a632a529bfb1933543bffd7
                                              • Instruction Fuzzy Hash: 7EE15F30E1030A8FEB69DF68D9906AEB7B6FF85304F108529D409AB395DB35D846CB91

                                              Control-flow Graph

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 064E328E
                                              • GetCurrentThread.KERNEL32 ref: 064E32CB
                                              • GetCurrentProcess.KERNEL32 ref: 064E3308
                                              • GetCurrentThreadId.KERNEL32 ref: 064E3361
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: f959c63ae4e389ad6158a479c84218d6f4c98e82f433b0beb876af8b3d882afd
                                              • Instruction ID: b69b0a9af01ead8456b3422010d5c110901ecefcde2b711e20f200b886e5ae14
                                              • Opcode Fuzzy Hash: f959c63ae4e389ad6158a479c84218d6f4c98e82f433b0beb876af8b3d882afd
                                              • Instruction Fuzzy Hash: 9A5157B09102498FDB95DFA9D948BEEBBF1FF88304F20845AE119AB360D7349944CF65

                                              Control-flow Graph

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 064E328E
                                              • GetCurrentThread.KERNEL32 ref: 064E32CB
                                              • GetCurrentProcess.KERNEL32 ref: 064E3308
                                              • GetCurrentThreadId.KERNEL32 ref: 064E3361
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: 4052edd336e7b7d29fc47c9879701aaaf1f76181060b811410c5844860eb2f1a
                                              • Instruction ID: 28554c12a2df88e756c0f691a8a14ca4d3699bac21dfdef60ea572e36f79b658
                                              • Opcode Fuzzy Hash: 4052edd336e7b7d29fc47c9879701aaaf1f76181060b811410c5844860eb2f1a
                                              • Instruction Fuzzy Hash: C35146B09002498FDB55DFA9D948BEEBBF1EF88304F20845AE109A7360D7349944CF65

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434
                                              • Opcode ID: dda1f534ba4ba010473a9365a9b493e99f61bbdf4dcaa13a78f4ec73f1972834
                                              • Instruction ID: b775ea08d11e72b8bccc88ee7ed21bc772278ad257a70827fca6cacc8a87885b
                                              • Opcode Fuzzy Hash: dda1f534ba4ba010473a9365a9b493e99f61bbdf4dcaa13a78f4ec73f1972834
                                              • Instruction Fuzzy Hash: D6914F30B0021A8FDB54DF69D850BAEB7F6BF85604F508469D809EB389EB70DD468F91

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q
                                              • API String ID: 0-182748909
                                              • Opcode ID: d4f864989f1dee33bb6c7be306e0a088df30aa4df90da2547cc77942534875c2
                                              • Instruction ID: 4510cd0af93abbcf1c9cb2fe961cd43f4a85903a10257ea7a7340eb1179634de
                                              • Opcode Fuzzy Hash: d4f864989f1dee33bb6c7be306e0a088df30aa4df90da2547cc77942534875c2
                                              • Instruction Fuzzy Hash: E3626230A1021A8FDB55EF68D580A5DB7F6FF84344F208A29D4099F3A9DB75ED46CB80

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq$\Obq
                                              • API String ID: 0-4057264190
                                              • Opcode ID: 48bc64ffbf3a72f78870f94c041f6e0493df09c838a49d4053b13bd40f0c4a36
                                              • Instruction ID: fedd2ee251847fa2e74e153ae6ffafe901d32e52b5ded384cd9d683119ac1ccb
                                              • Opcode Fuzzy Hash: 48bc64ffbf3a72f78870f94c041f6e0493df09c838a49d4053b13bd40f0c4a36
                                              • Instruction Fuzzy Hash: A1615070E002099FEB549FA4C855BAEBBF6FB88300F208429E505AB395DB758D458F91

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927
                                              • Opcode ID: da6da232edd81e306b714c41b8e21645f537648c09fa3f20165c9976534bcae9
                                              • Instruction ID: 10aeaac9655c38bb6662adca8432332459114dfc48910adad4cf8eabe4316273
                                              • Opcode Fuzzy Hash: da6da232edd81e306b714c41b8e21645f537648c09fa3f20165c9976534bcae9
                                              • Instruction Fuzzy Hash: E7618030B041065FEB94DB78D891BAEB7F6FB84214F508469D409DB389EA30DC46CF91

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq
                                              • API String ID: 0-2292610095
                                              • Opcode ID: f39a9e8fb7433b3d3eaab6b7f2b2702684404f318f49810d4e3f9bffb23fe2f3
                                              • Instruction ID: 741ed91a11fdc007cd8e30533a9cf92772e9e98ccf9c6cf7fb3292050309d672
                                              • Opcode Fuzzy Hash: f39a9e8fb7433b3d3eaab6b7f2b2702684404f318f49810d4e3f9bffb23fe2f3
                                              • Instruction Fuzzy Hash: 3451AF30F102089FEB14DFB4C855BAEBBF6FF88700F208529E106AB395DA758C018B91

                                              Control-flow Graph

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 064EB96E
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 6537bc2c2ed2703fdb070f56efcec0656de7a861712e3a9854ee6af426725148
                                              • Instruction ID: 7e3bc75bbd8c027bc20d99c64d0a7b406bab6cd87ee265809a92e747f9e76bd0
                                              • Opcode Fuzzy Hash: 6537bc2c2ed2703fdb070f56efcec0656de7a861712e3a9854ee6af426725148
                                              • Instruction Fuzzy Hash: E88132B0A00B458FD7A5DF29D5407AABBF1FF48201F008A2ED49ADBB50D775E849CB90

                                              Control-flow Graph

                                              APIs
                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 064EDA02
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: CreateWindow
                                              • String ID:
                                              • API String ID: 716092398-0
                                              • Opcode ID: cf7476c5111fc07c85e3adb0d6cae8eb8b9cf2f7c2ce110bc7fc7bfedbdd556e
                                              • Instruction ID: f558e3407c5997e527da1255b1478295beb8f260c84d7d3d520f8de01e4db284
                                              • Opcode Fuzzy Hash: cf7476c5111fc07c85e3adb0d6cae8eb8b9cf2f7c2ce110bc7fc7bfedbdd556e
                                              • Instruction Fuzzy Hash: 4A51B0B1D00349DFDB14CF9AC884ADEBFB5BF89310F24812AE419AB250D775A985CF90
                                              APIs
                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 064EDA02
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: CreateWindow
                                              • String ID:
                                              • API String ID: 716092398-0
                                              • Opcode ID: 4fab698fe13d8452ce5fdf9f7ce76850d45c0d326b1c4b7785366249500616f8
                                              • Instruction ID: 3be0bfc3a7b2d5136d8cd5e9b5475491ce3c11de947cae060c7f4ed2d1a43b10
                                              • Opcode Fuzzy Hash: 4fab698fe13d8452ce5fdf9f7ce76850d45c0d326b1c4b7785366249500616f8
                                              • Instruction Fuzzy Hash: 6B41B0B1D10349DFDB14CF99C884ADEFBB5BF88310F24812AE819AB250D775A985CF90
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 064E34DF
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 2af34a2104295a32970b3d2e4605b58774b6f8767656cca0f7018c4991d7660d
                                              • Instruction ID: ae20c42ff107bc9057238c5a0a57b71fc8c21adc0496f3a7a3c0757977e7ae34
                                              • Opcode Fuzzy Hash: 2af34a2104295a32970b3d2e4605b58774b6f8767656cca0f7018c4991d7660d
                                              • Instruction Fuzzy Hash: 1521E5B5D002489FDB11CFAAD984ADEBFF9FB48310F14841AE915A7310D379A940CFA1
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 064E34DF
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 392026e6a6491ac34a57bba75042e5eb3a042d19cea432dd96b5ab3166be1a20
                                              • Instruction ID: 63113222586f1de4821dab73a647a6d94c9576d5af076d0be58989df632aab22
                                              • Opcode Fuzzy Hash: 392026e6a6491ac34a57bba75042e5eb3a042d19cea432dd96b5ab3166be1a20
                                              • Instruction Fuzzy Hash: 8A21E2B59002489FDB11CFAAD984ADEFBF8FB48310F14801AE918A7310D379A940CFA1
                                              APIs
                                              • GlobalMemoryStatusEx.KERNELBASE ref: 027DED47
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4543446433.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_27d0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0
                                              • Opcode ID: fdd5c08418b99537587ea47056aaabc713e17ae83581580ddec06dbda402c0c5
                                              • Instruction ID: 7d4010a7128d17a05da1dc36f9b7a644bd8d1efcc50d583662b9e747e2a3a2af
                                              • Opcode Fuzzy Hash: fdd5c08418b99537587ea47056aaabc713e17ae83581580ddec06dbda402c0c5
                                              • Instruction Fuzzy Hash: 582144B1C006999FCB10CFAAC9457DEFBF4AF09310F15816AD518B7241D778A944CFA1
                                              APIs
                                              • GlobalMemoryStatusEx.KERNELBASE ref: 027DED47
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4543446433.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_27d0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0
                                              • Opcode ID: 3afe976101b2c5155f6adb4ad28f26f94e238511755a3caa8b41e7dad4cdf437
                                              • Instruction ID: a6ef6ef3c06004970cb4b7dd5ea88fe64d3192fc840dea054ba1d0504436a56c
                                              • Opcode Fuzzy Hash: 3afe976101b2c5155f6adb4ad28f26f94e238511755a3caa8b41e7dad4cdf437
                                              • Instruction Fuzzy Hash: F411EFB1C0065A9BCB10DF9AC944A9EFBF4AF49320F15816AD918A7240D778A944CFA5
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 064EB96E
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546339823.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_64e0000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 0278b8d815efa0acea8c8ed02b942e82822c0c7c5d96576263ac4d2bfe95465d
                                              • Instruction ID: 1cdb10f2835da784cd852f379d89320f271ebba3342737e75a8c3e85f78e3c3a
                                              • Opcode Fuzzy Hash: 0278b8d815efa0acea8c8ed02b942e82822c0c7c5d96576263ac4d2bfe95465d
                                              • Instruction Fuzzy Hash: 5A11DFB5C00649CFDB10DF9AC944A9EFBF4EF88314F10841AD969A7210C379A545CFA1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              • Opcode ID: 884585a8772e46a8d844afa756820e52ecff73c91f08e1c421bd905af65497d8
                                              • Instruction ID: 6f25ba62499bed65bc829d1ca721a63b1381c7eccc7a5c6c6f5968a875251bae
                                              • Opcode Fuzzy Hash: 884585a8772e46a8d844afa756820e52ecff73c91f08e1c421bd905af65497d8
                                              • Instruction Fuzzy Hash: 1441A130E14249DFEB54DFA4D8546AEBBB2FF85300F244A29D405EB280EBB0D946CF81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              • Opcode ID: 0e019bff8623db25037bf26349302bee7c5e46c69027864a94b48ccfd20983fe
                                              • Instruction ID: de40232c9b903530a97b32cd19f13106f22045183a93c7ee3b0be4456fbf4bb4
                                              • Opcode Fuzzy Hash: 0e019bff8623db25037bf26349302bee7c5e46c69027864a94b48ccfd20983fe
                                              • Instruction Fuzzy Hash: AB31E330B102028FEB48ABB4D9557AE77A2BF89204F248428D406EB395DF35DE46CB91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              • Opcode ID: 27331d6f6f6d43e12c4f3bd4e8775d1746f31747acf2658152491d2ee2345265
                                              • Instruction ID: 972e090c1dce3a8eef45791041f54462bd97e92b46a2cc2acc9357d5177b6b7b
                                              • Opcode Fuzzy Hash: 27331d6f6f6d43e12c4f3bd4e8775d1746f31747acf2658152491d2ee2345265
                                              • Instruction Fuzzy Hash: 6231BE30B102028FEB48ABB4985876F7BA6BFC9300F208428D406DB395DF35DE46CB95
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q
                                              • API String ID: 0-1007455737
                                              • Opcode ID: 2f5e7e1b417207669fa33639ed47089d4c84c357076cd7b904d3db40da1e9843
                                              • Instruction ID: a55a27bf76b36b5f00def2a2c2893f709bc79e55ae91f295aa67b4420f7df3fe
                                              • Opcode Fuzzy Hash: 2f5e7e1b417207669fa33639ed47089d4c84c357076cd7b904d3db40da1e9843
                                              • Instruction Fuzzy Hash: 94F0AF31B14100DFEFA89E48E981AB9B3A8FB84318F144466D845CB2C5C731E906CB91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 152d376662c9adff2d040e6f1b9a10c4c81da4d8c4d4d6dc51e01983d3e3a2d9
                                              • Instruction ID: e2de7dbbb5ed7beb570648cb809df7ec5edd3956ce6936b205211d1b5debdae8
                                              • Opcode Fuzzy Hash: 152d376662c9adff2d040e6f1b9a10c4c81da4d8c4d4d6dc51e01983d3e3a2d9
                                              • Instruction Fuzzy Hash: AFA1A270F102099FFF649A68D4D07AE77B6FB89310F204825E405EB3D6DA3ADD818B52
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c10f952107e872598c7bb246da5174a896d72f3ddbbedf7fe8202d68a00ea220
                                              • Instruction ID: e7e6f06bfcf6f43e981c743659187bf4af412a0df276ff4f5b4083ac7e9598ac
                                              • Opcode Fuzzy Hash: c10f952107e872598c7bb246da5174a896d72f3ddbbedf7fe8202d68a00ea220
                                              • Instruction Fuzzy Hash: F7A14870E1020A8FEFA4DB68D5C0BADB7B1FB45314F248926E459DB291D73ADC81CB91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d8cb2ee5441d51b0f34ec45e443bbf64071e59dda0579e10d1a6284e6e43c1b2
                                              • Instruction ID: 4a830d5e7adde618f993a01e2a27cf2de38a6d6c2902b1c1778956b9bcd05964
                                              • Opcode Fuzzy Hash: d8cb2ee5441d51b0f34ec45e443bbf64071e59dda0579e10d1a6284e6e43c1b2
                                              • Instruction Fuzzy Hash: 3E61C171F001214FEB54AA6EC8805AFBADBAFD4220F154479E80EDB3A0DE79DD0287D1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c1bb52bff56e31ea53409cf20c34ba1e0fb17c1e809eb49e244adb66dc2ba810
                                              • Instruction ID: 0cdf276e7d38a3b3330311cc211e6540481d2ddb2091c18b28de87fad34e8086
                                              • Opcode Fuzzy Hash: c1bb52bff56e31ea53409cf20c34ba1e0fb17c1e809eb49e244adb66dc2ba810
                                              • Instruction Fuzzy Hash: 50817030B002099FDB54EFB9D4546AEBBF2BF89304F218429D50ADB395EB35DC468B91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2bde96c448eb309e7599a960bbbddd367c12b4e03b71feaec65567f4185b6247
                                              • Instruction ID: add3287b2defbbdcb9d8fb00781992ee2463f62254e12bdb4817e8c5148b7135
                                              • Opcode Fuzzy Hash: 2bde96c448eb309e7599a960bbbddd367c12b4e03b71feaec65567f4185b6247
                                              • Instruction Fuzzy Hash: 8E913D30E102198FDF64DF68C890B9DB7B1FF85300F208599D549AB295DB74AA86CF91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a5748ea9de7db0265c6c421a1452330299f33d98119eee4b0cd11633e46e9914
                                              • Instruction ID: 56c5f701b5bcd1476c4d45198fb866b8985c79d69985cfead28db551acdb13cd
                                              • Opcode Fuzzy Hash: a5748ea9de7db0265c6c421a1452330299f33d98119eee4b0cd11633e46e9914
                                              • Instruction Fuzzy Hash: A4913F30E10219CBDF64DF68C890B9DB7B1FF85300F208599D549BB295DB70AA86CF91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5ea652719bdd8a10c676c37f4d568ad8bc4c680eb2bc3ad96f846413903d64fb
                                              • Instruction ID: d2c958bf199df487eea5606fc7e38b841ed69edfefe2c2aec304a405f3782583
                                              • Opcode Fuzzy Hash: 5ea652719bdd8a10c676c37f4d568ad8bc4c680eb2bc3ad96f846413903d64fb
                                              • Instruction Fuzzy Hash: 4A714D70A002099FDB58DFA8D990AAEB7F6FF84300F248429D419EB395DB35ED46CB50
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c66bd462379a2a8cadb13e41817930449769f09a57d64bc2c021639d8d1ede8
                                              • Instruction ID: 54f9735919964469cb79b8bc61be80c52b087de75c2afaa1d269995e729410de
                                              • Opcode Fuzzy Hash: 3c66bd462379a2a8cadb13e41817930449769f09a57d64bc2c021639d8d1ede8
                                              • Instruction Fuzzy Hash: 3A714D70A002499FDB54EFA8D990A9EBBF6FF84300F148429D415EB395DB34ED46CB50
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2727f0e2a88ec26e592d4e14c49624c2e31d9ec4b4dd4829d0ed3ce3ee9cb916
                                              • Instruction ID: 1a9fa6199592d8dcc42d0733cd2686f6744a4b274ae77d0baa5ad8b9729b0d5e
                                              • Opcode Fuzzy Hash: 2727f0e2a88ec26e592d4e14c49624c2e31d9ec4b4dd4829d0ed3ce3ee9cb916
                                              • Instruction Fuzzy Hash: 7551D631E00105DFEF64EB78E4446ADBBB2FF84315F20886AE519D7291DB35D949CB81
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aa86395cd629d5c5139e62d1952c0776f6892c95c3451b15aa8e03596b2a07fb
                                              • Instruction ID: dc55885aa07411406cfabacd3d7c51c7910e94f7bfd2af0bf71c10c42d8269cd
                                              • Opcode Fuzzy Hash: aa86395cd629d5c5139e62d1952c0776f6892c95c3451b15aa8e03596b2a07fb
                                              • Instruction Fuzzy Hash: 0151E970B142149FFF74667CD95477F2A5EFB89710F20452AE80AC73D5CA68CC468B92
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 231c14e3ce77791c5985acec5c5dc5eb9a4192a24fcf2e0b22ef113ab51926d1
                                              • Instruction ID: b5128b0919c66fdfb2293d9e696e31ce994811b70f532dcdbec8bf484e1f4c14
                                              • Opcode Fuzzy Hash: 231c14e3ce77791c5985acec5c5dc5eb9a4192a24fcf2e0b22ef113ab51926d1
                                              • Instruction Fuzzy Hash: 74518870B102159FFF74666DE95472F265EF789710F20492AEC0AC73D5CA68CC458B92
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f1f13d954fdcd8ecf30e780b187c59de1fd79253048f651cec06035eac9c6d9
                                              • Instruction ID: a2cd1bd7b98c01992e1c2448baf849cc438f3741fbfaaeddacc1081d73a2130b
                                              • Opcode Fuzzy Hash: 2f1f13d954fdcd8ecf30e780b187c59de1fd79253048f651cec06035eac9c6d9
                                              • Instruction Fuzzy Hash: 97414F75E006098BEF70CEA9D980AAFF7B6FB84310F10492AE256D7650E731E9458F91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fa3083edde5a272db182dd43c025760264ae99097bb8cb22acdbb680e169126b
                                              • Instruction ID: 6921d3415bade2468b86daa3037449a4530269cb863cd7aa055ab0f6cc5379f7
                                              • Opcode Fuzzy Hash: fa3083edde5a272db182dd43c025760264ae99097bb8cb22acdbb680e169126b
                                              • Instruction Fuzzy Hash: 2A31B234E146058FDB59CF64D89969EBBB2FF89300F10C529E916EB780DB71E946CB40
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 113c032a1720a83810ceb65d09e59a9a0275838c9179ee4f2037ec7eda458750
                                              • Instruction ID: a0fed6712f335f0b63699124f0b57fdaaa10d133c27d96512e7a9eceaabdb8c6
                                              • Opcode Fuzzy Hash: 113c032a1720a83810ceb65d09e59a9a0275838c9179ee4f2037ec7eda458750
                                              • Instruction Fuzzy Hash: E5316F34E146098FDB59CF65D89869EBBB2BF89300F10C529E916E7390DB71E946CB40
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1c61f5b518e7508db02c011fc0939c1d7ab1ab934e5cc9b2aad2d7046e05cd71
                                              • Instruction ID: 278c820ef14f93fdc4c9d9014da37ac9088b77bfeb498e416354b580e6843d0e
                                              • Opcode Fuzzy Hash: 1c61f5b518e7508db02c011fc0939c1d7ab1ab934e5cc9b2aad2d7046e05cd71
                                              • Instruction Fuzzy Hash: 9921BA75F016169FEB10DF68D880AAEBBF1FB48310F008025E905EB394E734D8428B90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4542843321.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_c4d000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a2fe389461e56bfd14253ca6636a322b25b4969e59ae3b3922c4dc783c199db9
                                              • Instruction ID: 392579e1eb66679f09a61c229cf7e7dda8ebaf63ffc8b13893ccd07b306c1d87
                                              • Opcode Fuzzy Hash: a2fe389461e56bfd14253ca6636a322b25b4969e59ae3b3922c4dc783c199db9
                                              • Instruction Fuzzy Hash: 04316B7550D3C49FCB13DB24C990711BF71AB47214F29C5EBD9898F2A3C23A980ACB62
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c54ee9d3cf5389f22c974913c82d02232dacece258fc519522513dca4f53108
                                              • Instruction ID: 6581f39c153b79a164ddabbc85bd8d5057eb00012de38084b4b37e090011b366
                                              • Opcode Fuzzy Hash: 3c54ee9d3cf5389f22c974913c82d02232dacece258fc519522513dca4f53108
                                              • Instruction Fuzzy Hash: 1321BD75F012169FEB50DFA9D881AAEB7F1FB48700F108429E905EB394E735E9418B91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4542843321.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_c4d000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3a78f917de1c46b6caba397edc5c37cb2ec30e5fc3efdd0557cc30d5b34e4608
                                              • Instruction ID: d9e5ffaa38dc636506a53b25ce0f08d42d37934689dbc784f7cc61c98fe9cad5
                                              • Opcode Fuzzy Hash: 3a78f917de1c46b6caba397edc5c37cb2ec30e5fc3efdd0557cc30d5b34e4608
                                              • Instruction Fuzzy Hash: 6B21FF71604204DFCB15EF24D980B26BFA5FB88314F24C56DE90A4B296C37AD846CA62
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1fe9ed187663705b23cc25cd1b621858f39d678a5c3116616521b155fe7ec923
                                              • Instruction ID: 1c39a0705197ccfd59ce80f4a373d45c07fe9ed4e38f8c68519ddb02b501432d
                                              • Opcode Fuzzy Hash: 1fe9ed187663705b23cc25cd1b621858f39d678a5c3116616521b155fe7ec923
                                              • Instruction Fuzzy Hash: 7421AF31B101199FEF94DB68E95469EB7B6FB88310F148435D809EB3C4DB30ED518B80
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 58b1163f673dd111c2778d50ed0646520897db3bdbbebf57edaa20631b2b42e0
                                              • Instruction ID: 20b4a15b219928905e065c254e981e95d9213ae3c6d651840c30182001c42a26
                                              • Opcode Fuzzy Hash: 58b1163f673dd111c2778d50ed0646520897db3bdbbebf57edaa20631b2b42e0
                                              • Instruction Fuzzy Hash: 3A114971A006098FDB24CFA9D9C49AFFBB6FF88300B148A2AD15597691D731A849CF90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3759f57d7236905896a42e5aa5612003680db595178f0f66b1bd9414b99b1df4
                                              • Instruction ID: 019111526988470b4313316ba503052a07b8152a7010d02e056bf971cf47cf4e
                                              • Opcode Fuzzy Hash: 3759f57d7236905896a42e5aa5612003680db595178f0f66b1bd9414b99b1df4
                                              • Instruction Fuzzy Hash: 26114530B042600FEB66D67C94047BEBBDADBCA314F14847EE20DCB392D951CC068791
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 07cc61efcafedf9d879693d594d7ab1a57fae7199a9768a91a1ac03d1cbbc081
                                              • Instruction ID: 6142a7b3885c5d44bb4109f9892bf8db52cc7b0a10f33f2f23c12a68bad8b0d1
                                              • Opcode Fuzzy Hash: 07cc61efcafedf9d879693d594d7ab1a57fae7199a9768a91a1ac03d1cbbc081
                                              • Instruction Fuzzy Hash: DB11E132B105298FEB54D668D8146AE73E6FBC8700F00453AD40AE7384DE29CC068BD1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 31330e3e958b072f25d44f7259fb27368a62408ccd861b919c1c45b284a10905
                                              • Instruction ID: e5aa0f15e7d3dfa97b5ccb1781081c3cd130afa3496cb17f632eaf3370a5ad0a
                                              • Opcode Fuzzy Hash: 31330e3e958b072f25d44f7259fb27368a62408ccd861b919c1c45b284a10905
                                              • Instruction Fuzzy Hash: DC012835B105514FDB65CABCD854B7A7BD5EBC6314F14846AE40ECB381DA21DC068785
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a36d3d98a58ea0abe194903007aa9dd0baad23a041166555cc3c978c3a0f4e1c
                                              • Instruction ID: 0db7a22c3d3d736189516c39808cfe3045d3d024bace1597c0ad69b51501d823
                                              • Opcode Fuzzy Hash: a36d3d98a58ea0abe194903007aa9dd0baad23a041166555cc3c978c3a0f4e1c
                                              • Instruction Fuzzy Hash: 1E01F73AF104295BEB559668DC157FF33EAEBC4610F000036D50AE7284EE64CC064BD2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3ccafd958512fb3b7a42a6194568c4bb15612914a910315f8954db5a9cb3c59a
                                              • Instruction ID: 54f5759d8828e738407d7240b9ba82e469e8c606512f159995e74eb93fac8252
                                              • Opcode Fuzzy Hash: 3ccafd958512fb3b7a42a6194568c4bb15612914a910315f8954db5a9cb3c59a
                                              • Instruction Fuzzy Hash: DD016171E0021A9EDB68DBB9C8505DEF7B5FB89310F108A6AD51AE7240EA30DA45CBD1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c7743f43171ace681bbefafa1aa625b0ff669d70193bb901a2c3363bda8d858
                                              • Instruction ID: 4c33530f340ae5a42a543105b189835f88945ce80b43919f4a471f3b70b81fa4
                                              • Opcode Fuzzy Hash: 3c7743f43171ace681bbefafa1aa625b0ff669d70193bb901a2c3363bda8d858
                                              • Instruction Fuzzy Hash: DF21F2B1C01259AFCB00CF9AD884ACEFFB4FB48310F10816AE918A3240C374A944CFA5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f6d5486900492b99652b76059f914762840b3ca29003da464f26a20daebdbf08
                                              • Instruction ID: 0f941c0e8c1fb7eb7274bb90561470249ff8e4f557d66904603d74578a344de4
                                              • Opcode Fuzzy Hash: f6d5486900492b99652b76059f914762840b3ca29003da464f26a20daebdbf08
                                              • Instruction Fuzzy Hash: B401D434B045200FD751DE3CD964B6A3BE5EB8A700F104469E40ECB3D2DE21DC028B81
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8579ffc24611ca879d114e0ef2ba600d49d6d933f66fde38169d1b452677a045
                                              • Instruction ID: e11d92c3657a5bba855c2ed18709244b393e5e7e31a76ccae51a8fb2977856e5
                                              • Opcode Fuzzy Hash: 8579ffc24611ca879d114e0ef2ba600d49d6d933f66fde38169d1b452677a045
                                              • Instruction Fuzzy Hash: 6311B3B5D012599FDB00DF9AD885ADEFFF8FB49310F10812AE918A7240C374A554CFA5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f791a350fe8688ed7e480662c70d904d79f92b61128501a4368de2a70bd1eb42
                                              • Instruction ID: faf3c40f3945b77841414638f1f55e6f7985917e4b16fce87edeef39b175f3d5
                                              • Opcode Fuzzy Hash: f791a350fe8688ed7e480662c70d904d79f92b61128501a4368de2a70bd1eb42
                                              • Instruction Fuzzy Hash: 2C01F431B001204BEB64DA6DD40476FB3CAEBCA725F20883AE20EC7384DE61DC4247C1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 307073eb7a65a7bf3f528bc0f751fa8c1caf186fa0d537de4f80c09aabcc8f98
                                              • Instruction ID: 65c3c2b65fc0a0e85f80ba80c52f0aa4e2993c51498f7eebe94f3bf90a0e8f9b
                                              • Opcode Fuzzy Hash: 307073eb7a65a7bf3f528bc0f751fa8c1caf186fa0d537de4f80c09aabcc8f98
                                              • Instruction Fuzzy Hash: 3E01D135B104110BEB6599ADDC54B2E77CAEBCA724F10843AE90EC7380DE15EC024785
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
• Opcode ID: a48321efe2fe6865aebe546e853f52bf5ca6d6d42275e9607f55d74d9c6103d1
• Instruction ID: 376f5662b375225336610aa12917235803aa0b6d22971b67ad4b0cb7174290e6
• Opcode Fuzzy Hash: a48321efe2fe6865aebe546e853f52bf5ca6d6d42275e9607f55d74d9c6103d1
• Instruction Fuzzy Hash: C101A435B105101FDB64EA7CD555B2A77D5EBCA710F108439E50ECB3C6EE21DC428B81

Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e162825c387dfc39544138ffebd2be4e2586b33d60c11b8d03fb97d5e82c6849
• Instruction ID: da237d27b99dd1b29b3cbb1d21cba5fce64b3381c40ac35ce8978ef3f0ebde4e
• Opcode Fuzzy Hash: e162825c387dfc39544138ffebd2be4e2586b33d60c11b8d03fb97d5e82c6849
• Instruction Fuzzy Hash: D5F0A732E202249BDB14A965DC0059AB73AF786350F104529DD01EB384D731A8008BC0

Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 75a8a8354d174f1dc84e5f33530e59fd357c7e34ef11f54b2e4c2a8c99ad0486
• Instruction ID: 9fa80ad524e4fa0d2eb96ea31891f75292133006a6a4bb7da6d1e7f1d6a3adb5
• Opcode Fuzzy Hash: 75a8a8354d174f1dc84e5f33530e59fd357c7e34ef11f54b2e4c2a8c99ad0486
• Instruction Fuzzy Hash: 21E0D835D192449FEB91CB709A593AA3B74FB42204F2044E7D408DB183E13ACE518741

Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 616f49ecab21f6605a30a3e930597ddc1706b10694b91ff6f9ff3ed03d43608b
• Instruction ID: 64a1f4b0c67895abe07367d346f40cb5501204ba4a8b0d5606bf9a78123fc52e
• Opcode Fuzzy Hash: 616f49ecab21f6605a30a3e930597ddc1706b10694b91ff6f9ff3ed03d43608b
• Instruction Fuzzy Hash: B6E0C270E10109ABEF50CEB4CA4975E73BCF701204F6088A4E408C7282E536CA118B40

Strings
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
• API String ID: 0-2843079600
• Opcode ID: 5dbb76b693e29ebdf37db58339ca4b6862b4f1c8b7b05baf3e6e0685972ae73f
• Instruction ID: cadc652c54b748af6d2ae726e8fee4e6bb91e5469ce93848d36dc6b971dba283
• Opcode Fuzzy Hash: 5dbb76b693e29ebdf37db58339ca4b6862b4f1c8b7b05baf3e6e0685972ae73f
• Instruction Fuzzy Hash: 55120F31E012198FDB68DF69C994A9DB7F2BF88304F208969D409AB394DB34ED45CF91

Strings
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
• API String ID: 0-1273862796
• Opcode ID: e1fbbe3fc912717c120ccacea243f41ae7d820c7bfec62a8d23012a35bbb124c
• Instruction ID: 09f92eacc7518527b8342c625835caae2c35a1582a2c0efc8fa731b8cc9cbe08
• Opcode Fuzzy Hash: e1fbbe3fc912717c120ccacea243f41ae7d820c7bfec62a8d23012a35bbb124c
• Instruction Fuzzy Hash: D7914D30A10309DFEB68DF64D995B6E7BB6FF84300F108529E841AB296DB74D845CF90

Strings
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
• API String ID: 0-981061697
• Opcode ID: 9af26a9f24358a8b8ce4b935c08409f21ec9f86130eeadb44f6a63e595cf1fb8
• Instruction ID: 2de89133c97545bb05d9a3d9f5e68cdcaf38f7623001e5c686cdf7ed3cd53c54
• Opcode Fuzzy Hash: 9af26a9f24358a8b8ce4b935c08409f21ec9f86130eeadb44f6a63e595cf1fb8
• Instruction Fuzzy Hash: C5F13F30B01205CFDB59EF69D554A6EB7B6FF88300F248569D4459B3A9DB35EC82CB80

Strings
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID: $]q$$]q$$]q$$]q
• API String ID: 0-858218434
• Opcode ID: 94a4fdd8c86a9a17555f4afcdb565e1f3b5c9722a24105abe802d6102dfe82a9
• Instruction ID: 123395bf8b1d15a46bd9cc92d5980b62de3a9db2d7bdfd0f7a18c994bf0507f5
• Opcode Fuzzy Hash: 94a4fdd8c86a9a17555f4afcdb565e1f3b5c9722a24105abe802d6102dfe82a9
• Instruction Fuzzy Hash: D6B12D30E10209CFEB58EF68D594A6EB7B6FF84304F648829D4069B395DB35DC86CB81

Strings
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID: $]q$$]q$$]q$$]q
• API String ID: 0-858218434
• Opcode ID: b9ed30e701a7550e99a05d47bfcadb574e2dd2b573d0921df00e3bc00c9891d9
• Instruction ID: e440da2f124ef77f2020dd20a16dcdbcfc43d20547b81a36f14abaace503b7c0
• Opcode Fuzzy Hash: b9ed30e701a7550e99a05d47bfcadb574e2dd2b573d0921df00e3bc00c9891d9
• Instruction Fuzzy Hash: 86519274A103058FEBA5DB64D580AAEB7B6FF84311F14852AD805EB296DB30DC41CF90

Strings
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID: LR]q$LR]q$$]q$$]q
• API String ID: 0-3527005858
• Opcode ID: be199628eadfe28905d0f096058fd45cf67aac21fd9bd5889697af927650d4a9
• Instruction ID: 6eecc4e5f1e7064b02ec4a9517588d22b101b17a3096917443b356d8c1398373
• Opcode Fuzzy Hash: be199628eadfe28905d0f096058fd45cf67aac21fd9bd5889697af927650d4a9
• Instruction Fuzzy Hash: 0D517C30B102019FEB58EF68D990E6AB7E6FF84710F148969E4069F3E5DA30EC45CB91
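The records above are Joe Sandbox's per-function output for process 2: each one names the memory dump the function was disassembled from (here a region at offset 06500000 that is not backed by a PE file on disk, which is where unpacked or injected code lands), the IDA snapshot, the Similarity fields (API ID, String ID, API String ID) and four identifiers (Opcode ID, Instruction ID and the two fuzzy hashes). The script below is an added example, not part of the report or of Joe Sandbox; it parses records in the layout shown on this page, flags functions recovered from non-PE-backed memory, and compares the opcode-ID sets of two reports as a quick function-level code-reuse check. Sample A is copied from the records above (including the headerless partial record at the top); sample B is a constructed hypothetical second report whose source file and snapshot name are invented, and the record layout itself is an assumption taken from what this page shows.

```python
"""Parse the per-function records of a Joe Sandbox report (the "Memory Dump
Source" / "Similarity" blocks) into dicts, flag functions in non-PE-backed
memory, and compare opcode-ID sets. Added example; not Joe Sandbox's code."""
import re

# Constructed sample A: a headerless partial record plus two full records,
# copied from the report above (process 2, region at offset 06500000).
REPORT_A = """\
• Opcode ID: a48321efe2fe6865aebe546e853f52bf5ca6d6d42275e9607f55d74d9c6103d1
• Instruction ID: 376f5662b375225336610aa12917235803aa0b6d22971b67ad4b0cb7174290e6
• Opcode Fuzzy Hash: a48321efe2fe6865aebe546e853f52bf5ca6d6d42275e9607f55d74d9c6103d1
• Instruction Fuzzy Hash: C101A435B105101FDB64EA7CD555B2A77D5EBCA710F108439E50ECB3C6EE21DC428B81
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e162825c387dfc39544138ffebd2be4e2586b33d60c11b8d03fb97d5e82c6849
• Instruction ID: da237d27b99dd1b29b3cbb1d21cba5fce64b3381c40ac35ce8978ef3f0ebde4e
• Opcode Fuzzy Hash: e162825c387dfc39544138ffebd2be4e2586b33d60c11b8d03fb97d5e82c6849
• Instruction Fuzzy Hash: D5F0A732E202249BDB14A965DC0059AB73AF786350F104529DD01EB384D731A8008BC0
Strings
Memory Dump Source
• Source File: 00000002.00000002.4546408243.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6500000_Documenti di spedizione 000293949040405959000.jbxd
Similarity
• API ID:
• String ID: LR]q$LR]q$$]q$$]q
• API String ID: 0-3527005858
• Opcode ID: be199628eadfe28905d0f096058fd45cf67aac21fd9bd5889697af927650d4a9
• Instruction ID: 6eecc4e5f1e7064b02ec4a9517588d22b101b17a3096917443b356d8c1398373
• Opcode Fuzzy Hash: be199628eadfe28905d0f096058fd45cf67aac21fd9bd5889697af927650d4a9
• Instruction Fuzzy Hash: 0D517C30B102019FEB58EF68D990E6AB7E6FF84710F148969E4069F3E5DA30EC45CB91
"""

# Constructed sample B: a hypothetical second report whose single record reuses
# the be199628... function from A; its source file and snapshot name are invented.
REPORT_B = """\
Memory Dump Source
• Source File: 00000000.00000002.1000000000.0000000000400000.00000040.00000001.01000000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hypothetical_sample.jbxd
Similarity
• API ID:
• String ID: LR]q$LR]q$$]q$$]q
• API String ID: 0-3527005858
• Opcode ID: be199628eadfe28905d0f096058fd45cf67aac21fd9bd5889697af927650d4a9
• Instruction ID: 6eecc4e5f1e7064b02ec4a9517588d22b101b17a3096917443b356d8c1398373
• Opcode Fuzzy Hash: be199628eadfe28905d0f096058fd45cf67aac21fd9bd5889697af927650d4a9
• Instruction Fuzzy Hash: 0D517C30B102019FEB58EF68D990E6AB7E6FF84710F148969E4069F3E5DA30EC45CB91
"""

SRC_RE = re.compile(r"Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")


def parse_records(text):
    """One dict per function. A record starts at 'Memory Dump Source' (or at
    the first field, for a record whose header was cut off) and ends at
    'Instruction Fuzzy Hash', the last field in the layout shown above."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ").strip()
        if not line:
            continue
        if line == "Memory Dump Source":
            cur = {}
            continue
        key, sep, value = line.partition(":")
        if not sep:  # section labels: Strings, Similarity, Joe Sandbox IDA Plugin
            continue
        if cur is None:
            cur = {}
        cur[key.strip()] = value.strip()
        if key.strip() == "Instruction Fuzzy Hash":
            m = SRC_RE.search(cur.get("Source File", ""))
            cur["offset"] = int(m.group(1), 16) if m else None
            cur["pe_backed"] = (m.group(2) == "true") if m else None
            records.append(cur)
            cur = None
    return records


def non_pe_backed(records):
    """Functions recovered from memory with no PE image behind it, i.e. the
    unpacked or injected stage rather than the on-disk dropper."""
    return [r for r in records if r["pe_backed"] is False]


def opcode_overlap(recs_a, recs_b):
    """Jaccard similarity of two reports' opcode-ID sets plus the shared IDs."""
    a = {r["Opcode ID"] for r in recs_a if r.get("Opcode ID")}
    b = {r["Opcode ID"] for r in recs_b if r.get("Opcode ID")}
    shared, union = a & b, a | b
    return (len(shared) / len(union) if union else 0.0), sorted(shared)


if __name__ == "__main__":
    ra, rb = parse_records(REPORT_A), parse_records(REPORT_B)
    print(f"A: {len(ra)} functions, {len(non_pe_backed(ra))} in non-PE-backed memory")
    score, shared = opcode_overlap(ra, rb)
    print(f"opcode-ID Jaccard(A, B) = {score:.2f}; shared = {shared}")
```

Opcode IDs are treated here only as opaque identifiers; the script does not reimplement the fuzzy hashing, so a match means two reports contain a function with the identical ID, not a near-match. The partial record at the top of sample A is kept with `offset` and `pe_backed` set to `None` rather than dropped, so a truncated report still yields a complete inventory.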