Windows Analysis Report Quotation From Asia Tianjin Steel Co.Ltd.exe

Overview

General Information

Sample Name: Quotation From Asia Tianjin Steel Co.Ltd.exe
Analysis ID: 458829
MD5: 0fcf33a3980c44c176d519a4589028aa
SHA1: f2aebb3e351e1654c49b8d1781d28ac8591721d1
SHA256: 6d877514b8301c2c5ec0655792599f127b2a1649f7483a584d5f7125171cf7a0
Tags: AgentTesla, exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "usernamegood@vivaldi.net", "Password": "aaaAAaaaawGoodPass@123@", "Host": "smtp.vivaldi.net"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "usernamegood@vivaldi.net", "Password": "aaaAAaaaawGoodPass@123@", "Host": "smtp.vivaldi.net"}
Multi AV Scanner detection for submitted file
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, Virustotal: Detection: 37%
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, ReversingLabs: Detection: 28%
Machine Learning detection for sample
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, Joe Sandbox ML: detected
Source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mscorrc.pdb source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.252031228.0000000007230000.00000002.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501973199.0000000005920000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h
Source: global traffic, TCP traffic: 192.168.2.5:49728 -> 31.209.137.12:587
Source: Joe Sandbox View, IP Address: 31.209.137.12
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe, Code function: 4_2_00EFA09A recv
Source: unknown, DNS traffic detected: queries for: smtp.vivaldi.net

System Summary:

Initial sample is a PE file and has a suspicious name
Source: initial sample, Static PE information: Filename: Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe, Code function: 4_2_00EFB0BA NtQuerySystemInformation
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe, Code function: 4_2_00EFB089 NtQuerySystemInformation
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeBinary or memory string: OriginalFilenameFileIOPermissi.exe6 vs Quotation From Asia Tianjin Steel Co.Ltd.exe
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeSection loaded: security.dll
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@1/1
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 4_2_00EFAF3E AdjustTokenPrivileges,
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 4_2_00EFAF07 AdjustTokenPrivileges,
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Quotation From Asia Tianjin Steel Co.Ltd.exe.log
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeVirustotal: Detection: 37%
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeReversingLabs: Detection: 28%
                      Source: unknownProcess created: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe 'C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe'
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeProcess created: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: mscorrc.pdb source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.252031228.0000000007230000.00000002.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501973199.0000000005920000.00000002.00000001.sdmp
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exeStatic PE information: 0xE7CA8BB4 [Wed Mar 25 09:15:32 2093 UTC]
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 0_2_01862C34 push cs; ret
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 0_2_0187723C push 580187C3h; ret
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 0_2_033FE6A4 push eax; retf
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 0_2_033F8069 push eax; iretd
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 0_2_033F805F push eax; iretd
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 4_2_00EF2954 push cs; ret
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 4_2_04EDBECA push eax; iretd
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 4_2_04EDA632 push esp; ret
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.44517704491
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeFile created: \quotation from asia tianjin steel co.ltd.exe
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Yara detected AntiVM3
                      Source: Yara matchFile source: 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476, type: MEMORYSTR
                      Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeFunction Chain: memAlloc,systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,threadDelayed,systemQueried,threadDelayed,memAlloc,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,memAlloc,threadDelayed,threadDelayed,memAlloc
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeWindow / User API: threadDelayed 582
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 5464Thread sleep time: -38010s >= -30000s
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 5112Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864Thread sleep count: 582 > 30
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864Thread sleep time: -17460000s >= -30000s
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864Thread sleep time: -60000s >= -30000s
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeThread delayed: delay time: 38010
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeThread delayed: delay time: 30000
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: VMWARE
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeProcess information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeCode function: 4_2_04ED30B8 KiUserExceptionDispatcher,LdrInitializeThunk,
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeProcess token adjusted: Debug
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeMemory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeMemory written: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeProcess created: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
                      Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

                      Yara detected AgentTesla
                      Source: Yara match File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY
                      Yara detected AgentTesla
                      Source: Yara match File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900, type: MEMORYSTR
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                      Tries to steal Mail credentials (via file access)
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: Yara match File source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900, type: MEMORYSTR

                      Remote Access Functionality:

                      Yara detected AgentTesla
                      Source: Yara match File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY
                      Yara detected AgentTesla
                      Source: Yara match File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                      | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
                      | Valid Accounts | Windows Management Instrumentation 211 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 11 | OS Credential Dumping 2 | System Information Discovery 114 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
                      | Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Access Token Manipulation 1 | Obfuscated Files or Information 3 | Credentials in Registry 1 | Query Registry 1 | Remote Desktop Protocol | Data from Local System 2 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                      | Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 112 | Software Packing 3 | Security Account Manager | Security Software Discovery 211 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                      | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Timestomp 1 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud |
                      | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | Virtualization/Sandbox Evasion 131 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 11 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
                      | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 1 | Cached Domain Credentials | Application Window Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
                      | External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 131 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
                      | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
                      | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 112 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label | Link
                      Quotation From Asia Tianjin Steel Co.Ltd.exe | 38% | Virustotal | | Browse
                      Quotation From Asia Tianjin Steel Co.Ltd.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
                      Quotation From Asia Tianjin Steel Co.Ltd.exe | 100% | Joe Sandbox ML | |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      Source | Detection | Scanner | Label | Link | Download
                      4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File

                      Domains

                      No Antivirus matches

                      URLs


                      Domains and IPs

                      Contacted Domains

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      smtp.vivaldi.net | 31.209.137.12 | true | false | | high

                        URLs from Memory and Binaries


                                                            Contacted IPs


                                                            Public

                                                            IP | Domain | Country | ASN | ASN Name | Malicious
                                                            31.209.137.12 | smtp.vivaldi.net | Iceland | 51896 | HRINGDU-ASIS | false

                                                            General Information

                                                            Joe Sandbox Version:33.0.0 White Diamond
                                                            Analysis ID:458829
                                                            Start date:03.08.2021
                                                            Start time:19:28:01
                                                            Joe Sandbox Product:CloudBasic
                                                            Overall analysis duration:0h 8m 56s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:light
                                                            Sample file name:Quotation From Asia Tianjin Steel Co.Ltd.exe
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                            Number of analysed new started processes analysed:25
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • HDC enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.evad.winEXE@3/1@1/1
                                                            EGA Information:Failed
                                                            HDC Information:Failed
                                                            HCA Information:
                                                            • Successful, ratio: 100%
                                                            • Number of executed functions: 0
                                                            • Number of non-executed functions: 0
                                                            Cookbook Comments:
                                                            • Adjust boot time
                                                            • Enable AMSI
                                                            • Found application associated with file extension: .exe
                                                            Warnings:
                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                            • Excluded IPs from analysis (whitelisted): 104.42.151.234, 13.64.90.137, 204.79.197.200, 13.107.21.200, 23.211.6.115, 23.211.4.86, 20.50.102.62, 40.112.88.60, 93.184.221.240, 20.82.210.154, 80.67.82.211, 80.67.82.235
                                                            • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, e12564.dspb.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
                                                            • Not all processes were analyzed, report is missing behavior information
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                            Simulations

                                                            Behavior and APIs

                                                            Time | Type | Description
                                                            19:28:56 | API Interceptor | 904x Sleep call for process: Quotation From Asia Tianjin Steel Co.Ltd.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            Match | Associated Sample Name / URL | Detection
                                                            31.209.137.12 | RE Outstanding SOA Settled.exe | malicious
                                                            31.209.137.12 | invoice.exe | malicious
                                                            31.209.137.12 | RFQ#775643.exe | malicious
                                                            31.209.137.12 | Payment $67,765.exe | malicious
                                                            31.209.137.12 | SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.exe | malicious
                                                            31.209.137.12 | DHL SHIPPING INVOICE.pdf.exe | malicious
                                                            31.209.137.12 | URGENT REQUEST FOR QUOTATION.pdf.exe | malicious
                                                            31.209.137.12 | RE Outstanding SOA Settled.exe | malicious
                                                            31.209.137.12 | Swift Copy.exe | malicious
                                                            31.209.137.12 | Swift Copy.exe | malicious
                                                            31.209.137.12 | 9872362-1926.exe | malicious
                                                            31.209.137.12 | invoice.exe | malicious
                                                            31.209.137.12 | Order.exe | malicious
                                                            31.209.137.12 | SecuriteInfo.com.Artemis960D9DB7F7C9.7109.exe | malicious
                                                            31.209.137.12 | PREPAYMENT.exe | malicious
                                                            31.209.137.12 | SHIPPING DOCUMENTS.exe | malicious
                                                            31.209.137.12 | quo 4542.exe | malicious
                                                            31.209.137.12 | SHIPPING DOCUMENTS.exe | malicious
                                                            31.209.137.12 | Swift TT copy.exe | malicious
                                                            31.209.137.12 | SecuriteInfo.com.ArtemisA47F39CCDFEA.14562.exe | malicious

                                                                                                    Domains

                                                                                                    Match | Associated Sample Name / URL | Detection | Context
                                                                                                    smtp.vivaldi.net | RE Outstanding SOA Settled.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | invoice.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | quotation.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | RFQ#775643.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | Payment $67,765.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | DHL SHIPPING INVOICE.pdf.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | URGENT REQUEST FOR QUOTATION.pdf.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | RE Outstanding SOA Settled.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | Swift Copy.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | Swift Copy.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | 9872362-1926.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | invoice.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | Order.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | SecuriteInfo.com.Artemis960D9DB7F7C9.7109.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | PREPAYMENT.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | SHIPPING DOCUMENTS.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | quo 4542.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | SHIPPING DOCUMENTS.exe | malicious | 31.209.137.12
                                                                                                    smtp.vivaldi.net | Swift TT copy.exe | malicious | 31.209.137.12

                                                                                                    ASN

                                                                                                    Match | Associated Sample Name / URL | Detection | Context
                                                                                                    HRINGDU-ASIS | RE Outstanding SOA Settled.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | invoice.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | RFQ#775643.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | Payment $67,765.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | DHL SHIPPING INVOICE.pdf.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | URGENT REQUEST FOR QUOTATION.pdf.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | RE Outstanding SOA Settled.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | Swift Copy.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | Swift Copy.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | 9872362-1926.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | invoice.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | Order.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | SecuriteInfo.com.Artemis960D9DB7F7C9.7109.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | PREPAYMENT.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | SHIPPING DOCUMENTS.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | quo 4542.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | SHIPPING DOCUMENTS.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | Swift TT copy.exe | malicious | 31.209.137.12
                                                                                                    HRINGDU-ASIS | SecuriteInfo.com.ArtemisA47F39CCDFEA.14562.exe | malicious | 31.209.137.12

                                                                                                    JA3 Fingerprints

                                                                                                    No context

                                                                                                    Dropped Files

                                                                                                    No context

                                                                                                    Created / dropped Files

                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Quotation From Asia Tianjin Steel Co.Ltd.exe.log
                                                                                                    Process:C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):664
                                                                                                    Entropy (8bit):5.288448637977022
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                                                                                    MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                                                                                    SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                                                                                    SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                                                                                    SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                                                                                    Malicious:true
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Entropy (8bit):7.437526161568796
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                    File name:Quotation From Asia Tianjin Steel Co.Ltd.exe
                                                                                                    File size:823296
                                                                                                    MD5:0fcf33a3980c44c176d519a4589028aa
                                                                                                    SHA1:f2aebb3e351e1654c49b8d1781d28ac8591721d1
                                                                                                    SHA256:6d877514b8301c2c5ec0655792599f127b2a1649f7483a584d5f7125171cf7a0
                                                                                                    SHA512:74b2fcf32136661792f9255e78f3bc2c2e5690182d964d103e44e5e34841b41386bd33905e23667b4be32652783c5c164cb8a9091c77da515fde467c096b7423
                                                                                                    SSDEEP:12288:wo6as4J1zgVDU0QrAXDGZSIUf055blwR/0lcJsTtmEburWqpu6x7XM2iN:wo6asU1eBBXyqfgbyR/XKxsW36FXM1
                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................P.................. ........@.. ....................................@................................

                                                                                                    File Icon

                                                                                                    Icon Hash:00828e8e8686b000

                                                                                                    Static PE Info

                                                                                                    General

                                                                                                    Entrypoint:0x4ca5f2
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                    Time Stamp:0xE7CA8BB4 [Wed Mar 25 09:15:32 2093 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:v2.0.50727
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                    Entrypoint Preview

                                                                                                    Instruction
                                                                                                    jmp dword ptr [00402000h]
                                                                                                    add byte ptr [eax], al

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xca5a0 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcc000 | 0x5cc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xce000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xca584 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc85f8 | 0xc8600 | False | 0.786352737056 | data | 7.44517704491 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xcc000 | 0x5cc | 0x600 | False | 0.42578125 | data | 4.1279967586 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xce000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xcc090 | 0x33c | data | |
RT_MANIFEST | 0xcc3dc | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

Imports

DLL | Import
mscoree.dll | _CorExeMain

Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright 2020
Assembly Version | 1.0.0.0
InternalName | FileIOPermissi.exe
FileVersion | 1.0.0.0
CompanyName |
LegalTrademarks |
Comments |
ProductName | Modul VB 3
ProductVersion | 1.0.0.0
FileDescription | Modul VB 3
OriginalFilename | FileIOPermissi.exe

Network Behavior

Network Port Distribution

TCP Packets


UDP Packets


DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Aug 3, 2021 19:30:37.330224037 CEST | 192.168.2.5 | 8.8.8.8 | 0x72e7 | Standard query (0) | smtp.vivaldi.net | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Aug 3, 2021 19:30:37.366628885 CEST | 8.8.8.8 | 192.168.2.5 | 0x72e7 | No error (0) | smtp.vivaldi.net | | 31.209.137.12 | A (IP address) | IN (0x0001)

SMTP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Aug 3, 2021 19:30:39.118119001 CEST | 587 | 49728 | 31.209.137.12 | 192.168.2.5 | 220 smtp.vivaldi.net ESMTP Postfix (Ubuntu)
Aug 3, 2021 19:30:39.118660927 CEST | 49728 | 587 | 192.168.2.5 | 31.209.137.12 | EHLO 910646
Aug 3, 2021 19:30:39.181740046 CEST | 587 | 49728 | 31.209.137.12 | 192.168.2.5 | 250-smtp.vivaldi.net
    250-PIPELINING
    250-SIZE 36700160
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 SMTPUTF8
Aug 3, 2021 19:30:39.182279110 CEST | 49728 | 587 | 192.168.2.5 | 31.209.137.12 | STARTTLS
Aug 3, 2021 19:30:39.245362997 CEST | 587 | 49728 | 31.209.137.12 | 192.168.2.5 | 220 2.0.0 Ready to start TLS

                                                                                                    Code Manipulations

                                                                                                    Statistics

                                                                                                    Behavior

                                                                                                    System Behavior

General

Start time: 19:28:51
Start date: 03/08/2021
Path: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe'
Imagebase: 0xfe0000
File size: 823296 bytes
MD5 hash: 0FCF33A3980C44C176D519A4589028AA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 19:28:58
Start date: 03/08/2021
Path: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
Imagebase: 0x670000
File size: 823296 bytes
MD5 hash: 0FCF33A3980C44C176D519A4589028AA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                                    Disassembly

                                                                                                    Code Analysis