Edit tour

Windows Analysis Report
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Overview

General Information

Sample Name:	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Analysis ID:	625814
MD5:	717fc8318eb370b1e8ae630af9fe431d
SHA1:	842ee97ed218857603188de6831afcc9919addd6
SHA256:	6035a6b2488b6c073d4b1cda9c9879e207b73e94c3551624667e59cc8719dd01
Tags:	exeNanoCore
Infos:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Yara detected AntiVM3

Detected Nanocore Rat

Antivirus detection for URL or domain

Yara detected Nanocore RAT

Snort IDS alert for network traffic

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

.NET source code contains potential unpacker

.NET source code contains method to dynamically call methods (often used by packers)

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses dynamic DNS services

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Creates processes with suspicious names

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

Detected TCP or UDP traffic on non-standard ports

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe (PID: 6316 cmdline: "C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe" MD5: 717FC8318EB370B1E8AE630AF9FE431D)

Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe (PID: 6632 cmdline: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe MD5: 717FC8318EB370B1E8AE630AF9FE431D)

Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe (PID: 6648 cmdline: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe MD5: 717FC8318EB370B1E8AE630AF9FE431D)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "fe56abb4-cb76-44f1-89b4-7bb11730", "Group": "Default", "Domain1": "deranano2.ddns.net", "Port": 1187, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe904d:$x1: NanoCore.ClientPluginHost 0x11b86d:$x1: NanoCore.ClientPluginHost 0x1be06d:$x1: NanoCore.ClientPluginHost 0xe908a:$x2: IClientNetworkHost 0x11b8aa:$x2: IClientNetworkHost 0x1be0aa:$x2: IClientNetworkHost 0xecbbd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x11f3dd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x1c1bdd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe8db5:$a: NanoCore 0xe8dc5:$a: NanoCore 0xe8ff9:$a: NanoCore 0xe900d:$a: NanoCore 0xe904d:$a: NanoCore 0x11b5d5:$a: NanoCore 0x11b5e5:$a: NanoCore 0x11b819:$a: NanoCore 0x11b82d:$a: NanoCore 0x11b86d:$a: NanoCore 0x1bddd5:$a: NanoCore 0x1bdde5:$a: NanoCore 0x1be019:$a: NanoCore 0x1be02d:$a: NanoCore 0x1be06d:$a: NanoCore 0xe8e14:$b: ClientPlugin 0xe9016:$b: ClientPlugin 0xe9056:$b: ClientPlugin 0x11b634:$b: ClientPlugin 0x11b836:$b: ClientPlugin 0x11b876:$b: ClientPlugin
Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd6e89:$x1: NanoCore.ClientPluginHost 0xd6ec6:$x2: IClientNetworkHost 0xda9ae:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe5a2c:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xf0ec4:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x10c35e:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xd6b56:$a: NanoCore 0xd6b66:$a: NanoCore 0xd6c25:$a: NanoCore 0xd6c34:$a: NanoCore 0xd6e35:$a: NanoCore 0xd6e49:$a: NanoCore 0xd6e89:$a: NanoCore 0xe2096:$a: NanoCore 0xe20a8:$a: NanoCore 0xe20e4:$a: NanoCore 0xed52e:$a: NanoCore 0xed540:$a: NanoCore 0xed57c:$a: NanoCore 0x1089c8:$a: NanoCore 0x1089da:$a: NanoCore 0x108a16:$a: NanoCore 0xd6bb5:$b: ClientPlugin 0xd6c7e:$b: ClientPlugin 0xd6e52:$b: ClientPlugin 0xd6e92:$b: ClientPlugin 0xe20b1:$b: ClientPlugin
Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13ae9:$x1: NanoCore.ClientPluginHost 0x13b26:$x2: IClientNetworkHost 0x17617:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x2269d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x137b6:$a: NanoCore 0x137c6:$a: NanoCore 0x13885:$a: NanoCore 0x13894:$a: NanoCore 0x13a95:$a: NanoCore 0x13aa9:$a: NanoCore 0x13ae9:$a: NanoCore 0x1ed07:$a: NanoCore 0x1ed19:$a: NanoCore 0x1ed55:$a: NanoCore 0x13815:$b: ClientPlugin 0x138de:$b: ClientPlugin 0x13ab2:$b: ClientPlugin 0x13af2:$b: ClientPlugin 0x1ed22:$b: ClientPlugin 0x1ed5e:$b: ClientPlugin 0x69f9c:$b: ClientPlugin 0x69fb3:$b: ClientPlugin 0x139d7:$c: ProjectData 0x1ec54:$c: ProjectData 0x143ab:$d: DESCrypto
Click to see the 19 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe0f5:$x1: NanoCore Client 0xe105:$x1: NanoCore Client 0xe34d:$x2: NanoCore.ClientPlugin 0xe38d:$x3: NanoCore.ClientPluginHost 0xe342:$i1: IClientApp 0xe363:$i2: IClientData 0xe36f:$i3: IClientNetwork 0xe37e:$i4: IClientAppHost 0xe3a7:$i5: IClientDataHost 0xe3b7:$i6: IClientLoggingHost 0xe3ca:$i7: IClientNetworkHost 0xe3dd:$i8: IClientUIHost 0xe3eb:$i9: IClientNameObjectCollection 0xe407:$i10: IClientReadOnlyNameObjectCollection 0xe154:$s1: ClientPlugin 0xe356:$s1: ClientPlugin 0xe84a:$s2: EndPoint 0xe853:$s3: IPAddress 0xe85d:$s4: IPEndPoint 0x10293:$s6: get_ClientSettings 0x10837:$s7: get_Connected
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x94dad:$x1: NanoCore.ClientPluginHost 0x94dea:$x2: IClientNetworkHost 0x9891d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x47d9f:$s1: file:/// 0x47caf:$s2: {11111-22222-10009-11112} 0x47d2f:$s3: {11111-22222-50001-00000} 0x45731:$s4: get_Module 0x45ba0:$s5: Reverse 0x47882:$s6: BlockCopy 0x9fb8f:$s6: BlockCopy 0x9fb86:$s7: ReadByte 0x47db1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x94b15:$x1: NanoCore Client 0x94b25:$x1: NanoCore Client 0x94d6d:$x2: NanoCore.ClientPlugin 0x94dad:$x3: NanoCore.ClientPluginHost 0x94d62:$i1: IClientApp 0x94d83:$i2: IClientData 0x94d8f:$i3: IClientNetwork 0x94d9e:$i4: IClientAppHost 0x94dc7:$i5: IClientDataHost 0x94dd7:$i6: IClientLoggingHost 0x94dea:$i7: IClientNetworkHost 0x94dfd:$i8: IClientUIHost 0x94e0b:$i9: IClientNameObjectCollection 0x94e27:$i10: IClientReadOnlyNameObjectCollection 0x94b74:$s1: ClientPlugin 0x94d76:$s1: ClientPlugin 0x9526a:$s2: EndPoint 0x95273:$s3: IPAddress 0x9527d:$s4: IPEndPoint 0x96cb3:$s6: get_ClientSettings 0x97257:$s7: get_Connected
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x94b15:$a: NanoCore 0x94b25:$a: NanoCore 0x94d59:$a: NanoCore 0x94d6d:$a: NanoCore 0x94dad:$a: NanoCore 0x94b74:$b: ClientPlugin 0x94d76:$b: ClientPlugin 0x94db6:$b: ClientPlugin 0x477b5:$c: ProjectData 0x94c9b:$c: ProjectData 0x956a2:$d: DESCrypto 0x9d06e:$e: KeepAlive 0x9b05c:$g: LogClientMessage 0x97257:$i: get_Connected 0x959d8:$j: #=q 0x95a08:$j: #=q 0x95a24:$j: #=q 0x95a54:$j: #=q 0x95a70:$j: #=q 0x95a8c:$j: #=q 0x95abc:$j: #=q
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x429ad:$x1: NanoCore.ClientPluginHost 0xe51ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x429ea:$x2: IClientNetworkHost 0xe51ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4651d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xe8d1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9819f:$s1: file:/// 0x980af:$s2: {11111-22222-10009-11112} 0x9812f:$s3: {11111-22222-50001-00000} 0x95b31:$s4: get_Module 0x95fa0:$s5: Reverse 0x1af6f:$s6: BlockCopy 0x4d78f:$s6: BlockCopy 0x97c82:$s6: BlockCopy 0xeff8f:$s6: BlockCopy 0x1af66:$s7: ReadByte 0x4d786:$s7: ReadByte 0xeff86:$s7: ReadByte 0x981b1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x42715:$x1: NanoCore Client 0x42725:$x1: NanoCore Client 0xe4f15:$x1: NanoCore Client 0xe4f25:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x4296d:$x2: NanoCore.ClientPlugin 0xe516d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x429ad:$x3: NanoCore.ClientPluginHost 0xe51ad:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x42962:$i1: IClientApp 0xe5162:$i1: IClientApp 0x10163:$i2: IClientData 0x42983:$i2: IClientData 0xe5183:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x4298f:$i3: IClientNetwork 0xe518f:$i3: IClientNetwork
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42715:$a: NanoCore 0x42725:$a: NanoCore 0x42959:$a: NanoCore 0x4296d:$a: NanoCore 0x429ad:$a: NanoCore 0xe4f15:$a: NanoCore 0xe4f25:$a: NanoCore 0xe5159:$a: NanoCore 0xe516d:$a: NanoCore 0xe51ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42774:$b: ClientPlugin 0x42976:$b: ClientPlugin 0x429b6:$b: ClientPlugin
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x449ad:$x1: NanoCore.ClientPluginHost 0x771cd:$x1: NanoCore.ClientPluginHost 0x1199cd:$x1: NanoCore.ClientPluginHost 0x449ea:$x2: IClientNetworkHost 0x7720a:$x2: IClientNetworkHost 0x119a0a:$x2: IClientNetworkHost 0x4851d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x7ad3d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x11d53d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xcc9bf:$s1: file:/// 0xcc8cf:$s2: {11111-22222-10009-11112} 0xcc94f:$s3: {11111-22222-50001-00000} 0xca351:$s4: get_Module 0xca7c0:$s5: Reverse 0x4f78f:$s6: BlockCopy 0x81faf:$s6: BlockCopy 0xcc4a2:$s6: BlockCopy 0x1247af:$s6: BlockCopy 0x4f786:$s7: ReadByte 0x81fa6:$s7: ReadByte 0x1247a6:$s7: ReadByte 0xcc9d1:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x44715:$x1: NanoCore Client 0x44725:$x1: NanoCore Client 0x76f35:$x1: NanoCore Client 0x76f45:$x1: NanoCore Client 0x119735:$x1: NanoCore Client 0x119745:$x1: NanoCore Client 0x4496d:$x2: NanoCore.ClientPlugin 0x7718d:$x2: NanoCore.ClientPlugin 0x11998d:$x2: NanoCore.ClientPlugin 0x449ad:$x3: NanoCore.ClientPluginHost 0x771cd:$x3: NanoCore.ClientPluginHost 0x1199cd:$x3: NanoCore.ClientPluginHost 0x44962:$i1: IClientApp 0x77182:$i1: IClientApp 0x119982:$i1: IClientApp 0x44983:$i2: IClientData 0x771a3:$i2: IClientData 0x1199a3:$i2: IClientData 0x4498f:$i3: IClientNetwork 0x771af:$i3: IClientNetwork 0x1199af:$i3: IClientNetwork
0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x44715:$a: NanoCore 0x44725:$a: NanoCore 0x44959:$a: NanoCore 0x4496d:$a: NanoCore 0x449ad:$a: NanoCore 0x76f35:$a: NanoCore 0x76f45:$a: NanoCore 0x77179:$a: NanoCore 0x7718d:$a: NanoCore 0x771cd:$a: NanoCore 0x119735:$a: NanoCore 0x119745:$a: NanoCore 0x119979:$a: NanoCore 0x11998d:$a: NanoCore 0x1199cd:$a: NanoCore 0x44774:$b: ClientPlugin 0x44976:$b: ClientPlugin 0x449b6:$b: ClientPlugin 0x76f94:$b: ClientPlugin 0x77196:$b: ClientPlugin 0x771d6:$b: ClientPlugin
Click to see the 40 entries

Sigma Signatures

AV Detection

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, ProcessId: 6648, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud

Sigma detected: NanoCore

Source: File created

Stealing of Sensitive Information

Sigma detected: NanoCore

Source: File created

Remote Access Functionality

Sigma detected: NanoCore

Source: File created

Snort Signatures

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975411872025019 05/13/22-08:08:00.468391
SID:	2025019
Source Port:	49754
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044985411872025019 05/13/22-08:09:21.317521
SID:	2025019
Source Port:	49854
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044980111872025019 05/13/22-08:08:29.760918
SID:	2025019
Source Port:	49801
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044982111872025019 05/13/22-08:08:42.572616
SID:	2025019
Source Port:	49821
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) - Source IP: 212.193.30.204 - Destination IP: 192.168.2.3

Timestamp:	212.193.30.204192.168.2.31187497432841753 05/13/22-08:07:41.912295
SID:	2841753
Source Port:	1187
Destination Port:	49743
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975711872025019 05/13/22-08:08:08.371746
SID:	2025019
Source Port:	49757
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 212.193.30.204 - Destination IP: 192.168.2.3

Timestamp:	212.193.30.204192.168.2.31187497542810290 05/13/22-08:08:01.239966
SID:	2810290
Source Port:	1187
Destination Port:	49754
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044982311872816766 05/13/22-08:08:50.618349
SID:	2816766
Source Port:	49823
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044974211872816766 05/13/22-08:07:36.524732
SID:	2816766
Source Port:	49742
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044985211872816766 05/13/22-08:09:10.204690
SID:	2816766
Source Port:	49852
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044974611872816766 05/13/22-08:07:48.002664
SID:	2816766
Source Port:	49746
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975811872816766 05/13/22-08:08:17.137563
SID:	2816766
Source Port:	49758
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044976811872816766 05/13/22-08:08:24.638697
SID:	2816766
Source Port:	49768
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044985311872816718 05/13/22-08:09:16.220396
SID:	2816718
Source Port:	49853
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044982311872025019 05/13/22-08:08:48.802408
SID:	2025019
Source Port:	49823
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044974611872025019 05/13/22-08:07:47.181678
SID:	2025019
Source Port:	49746
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044974211872025019 05/13/22-08:07:35.302011
SID:	2025019
Source Port:	49742
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044985211872025019 05/13/22-08:09:09.270895
SID:	2025019
Source Port:	49852
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044980111872816766 05/13/22-08:08:30.710594
SID:	2816766
Source Port:	49801
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975711872816766 05/13/22-08:08:10.114903
SID:	2816766
Source Port:	49757
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044983311872025019 05/13/22-08:08:55.683074
SID:	2025019
Source Port:	49833
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975411872816766 05/13/22-08:08:02.678142
SID:	2816766
Source Port:	49754
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044985311872025019 05/13/22-08:09:15.326471
SID:	2025019
Source Port:	49853
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044982111872816766 05/13/22-08:08:43.505269
SID:	2816766
Source Port:	49821
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044984811872816766 05/13/22-08:09:04.076097
SID:	2816766
Source Port:	49848
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044974311872025019 05/13/22-08:07:41.882179
SID:	2025019
Source Port:	49743
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044981511872816766 05/13/22-08:08:36.858197
SID:	2816766
Source Port:	49815
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044985311872816766 05/13/22-08:09:16.220396
SID:	2816766
Source Port:	49853
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975311872816766 05/13/22-08:07:55.099091
SID:	2816766
Source Port:	49753
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975311872025019 05/13/22-08:07:53.749457
SID:	2025019
Source Port:	49753
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044976811872025019 05/13/22-08:08:23.663433
SID:	2025019
Source Port:	49768
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044983311872816766 05/13/22-08:08:56.775852
SID:	2816766
Source Port:	49833
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975811872025019 05/13/22-08:08:15.665656
SID:	2025019
Source Port:	49758
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044975811872816718 05/13/22-08:08:16.194877
SID:	2816718
Source Port:	49758
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044981511872025019 05/13/22-08:08:36.042332
SID:	2025019
Source Port:	49815
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 212.193.30.204

Timestamp:	192.168.2.3212.193.30.2044984811872025019 05/13/22-08:09:02.275060
SID:	2025019
Source Port:	49848
Destination Port:	1187
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "fe56abb4-cb76-44f1-89b4-7bb11730", "Group": "Default", "Domain1": "deranano2.ddns.net", "Port": 1187, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Multi AV Scanner detection for submitted file

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Virustotal: Detection: 37%			Perma Link
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	ReversingLabs: Detection: 43%

Antivirus detection for URL or domain

Source: deranano2.ddns.net

Avira URL Cloud: Label: malware

Yara detected Nanocore RAT

Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR

Machine Learning detection for sample

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Joe Sandbox ML: detected

Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack	Avira: Label: TR/Dropper.MSIL.Gen7

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49742 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49742 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49743 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 212.193.30.204:1187 -> 192.168.2.3:49743
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49746 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49746 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49753 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49753 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49754 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 212.193.30.204:1187 -> 192.168.2.3:49754
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49754 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49757 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49757 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49758 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49758 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49758 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49768 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49768 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49801 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49801 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49815 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49815 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49821 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49821 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49823 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49823 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49833 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49833 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49848 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49848 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49852 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49852 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49853 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49853 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49853 -> 212.193.30.204:1187
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49854 -> 212.193.30.204:1187

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs:
Source: Malware configuration extractor	URLs: deranano2.ddns.net

Uses dynamic DNS services

Source: unknown

DNS query: name: deranano2.ddns.net

Source: Joe Sandbox View

ASN Name: SPD-NETTR SPD-NETTR

Source: Joe Sandbox View

IP Address: 212.193.30.204 212.193.30.204

Source: global traffic

TCP traffic: 192.168.2.3:49742 -> 212.193.30.204:1187

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252732703.0000000005E06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://en.w
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersB
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFgN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comalsd
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comasva0N
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdko
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comessedqN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comgrita
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comnN7
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.como
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comoJN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255061936.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255166513.0000000005E07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn=
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255166513.0000000005E07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn?
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.264426212.0000000005E30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/n
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/&N
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/)N
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/CN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/JN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/gN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/;N
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/nN7
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/qN
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252501913.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com=
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253293625.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.come
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253293625.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.comiv;b
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252501913.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.comt
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: unknown

DNS traffic detected: queries for: deranano2.ddns.net

E-Banking Fraud

Yara detected Nanocore RAT

Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Code function: 0_2_053B1308		0_2_053B1308
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Code function: 0_2_053B1302		0_2_053B1302

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000000.249181724.0000000000A9A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.292518005.0000000007700000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000004.00000000.277265474.00000000000DA000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000005.00000000.283423330.0000000000F4A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Binary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Virustotal: Detection: 37%
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	ReversingLabs: Detection: 43%

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

File read: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Jump to behavior

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe "C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe"
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@5/5@17/2

Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Mutant created: \Sessions\1\BaseNamedObjects\Global\{fe56abb4-cb76-44f1-89b4-7bb11730ab9d}

Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation

.NET source code contains potential unpacker

Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

.NET source code contains method to dynamically call methods (often used by packers)

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 0.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.a10000.0.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.a10000.0.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.2.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.1.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.3.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 4.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.0.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.0.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.2.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.5.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.0.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.7.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.9.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.3.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.13.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.11.unpack, Main.cs	.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Code function: 0_2_053B0006 push edx; retf 0002h	0_2_053B009E
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Code function: 0_2_053B6D70 pushfd ; retf	0_2_053B6D79
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Code function: 0_2_053B6DB4 pushfd ; retf	0_2_053B6D79

Source: initial sample

Static PE information: section name: .text entropy: 7.91713576226

Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	File created: \circular pssb parts disc credit term (dlr) may12 2022 (1).exe
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	File created: \circular pssb parts disc credit term (dlr) may12 2022 (1).exe
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	File created: \circular pssb parts disc credit term (dlr) may12 2022 (1).exe	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	File created: \circular pssb parts disc credit term (dlr) may12 2022 (1).exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

File opened: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe TID: 6320	Thread sleep time: -45733s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe TID: 6336	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe TID: 6812	Thread sleep time: -15679732462653109s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Window / User API: threadDelayed 5856	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Window / User API: threadDelayed 3169	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Window / User API: foregroundWindowGot 770	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Window / User API: foregroundWindowGot 845	Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Thread delayed: delay time: 45733	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe			Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe			Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Nanocore RAT

Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR

Remote Access Functionality

Detected Nanocore Rat

Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost

Yara detected Nanocore RAT

Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	Path Interception	11 Process Injection	1 Masquerading	OS Credential Dumping	111 Security Software Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Remote Access Software	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	21 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Hidden Files and Directories	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	2 Obfuscated Files or Information	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	23 Software Packing	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	38%	Virustotal		Browse
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	44%	ReversingLabs	ByteCode-MSIL.Trojan.FormBook
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File

Domains

Source	Detection	Scanner	Label	Link
deranano2.ddns.net	4%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
	0%	Avira URL Cloud	safe
http://www.sajatypeworks.comiv;b	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn?	0%	URL Reputation	safe
http://www.sajatypeworks.com=	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.fontbureau.comdko	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn=	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/;N	0%	Avira URL Cloud	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/&N	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.fontbureau.comgrita	0%	URL Reputation	safe
http://www.galapagosdesign.com/n	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/CN	0%	Avira URL Cloud	safe
http://www.fontbureau.comessedqN	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.fontbureau.comasva0N	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.fontbureau.comoJN	0%	Avira URL Cloud	safe
http://www.sajatypeworks.come	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/qN	0%	Avira URL Cloud	safe
http://www.fontbureau.comalsd	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/gN	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/)N	0%	Avira URL Cloud	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
http://www.fontbureau.comnN7	0%	Avira URL Cloud	safe
http://www.sajatypeworks.comt	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://en.w	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.comFgN	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
deranano2.ddns.net	100%	Avira URL Cloud	malware
http://www.jiyu-kobo.co.jp/nN7	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.como	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/JN	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
deranano2.ddns.net	212.193.30.204	true	true	4%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
	true	Avira URL Cloud: safe	low
deranano2.ddns.net	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sajatypeworks.comiv;b	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253293625.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designers/?	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersB	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn?	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255166513.0000000005E07000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com=	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252501913.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.tiro.com	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comdko	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn=	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255166513.0000000005E07000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/jp/;N	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/&N	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comgrita	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/n	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.264426212.0000000005E30000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/CN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comessedqN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comasva0N	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cn	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comoJN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.come	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253293625.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/qN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comalsd	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/gN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.290816211.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.285453674.0000000005E00000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/)N	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comF	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comnN7	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.comt	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252501913.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/jp/	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://en.w	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252732703.0000000005E06000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comFgN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255061936.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/nN7	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.como	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/JN	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
212.193.30.204	deranano2.ddns.net	Russian Federation		57844	SPD-NETTR	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	625814
Start date and time: 13/05/202208:06:10	2022-05-13 08:06:10 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@5/5@17/2
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 0.1% (good quality ratio 0.1%) Quality average: 62% Quality standard deviation: 8.5%
HCA Information:	Successful, ratio: 99% Number of executed functions: 18 Number of non-executed functions: 2
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Execution Graph export aborted for target Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, PID 6632 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:07:24	API Interceptor	880x Sleep call for process: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
212.193.30.204	MARIAM HONAINE'S CV.exe	Get hash	malicious	Browse
	QUOTATION.exe	Get hash	malicious	Browse
	2020574185.exe	Get hash	malicious	Browse
	ORDER.exe	Get hash	malicious	Browse
	POP.exe	Get hash	malicious	Browse
	Bill Of Lading.exe	Get hash	malicious	Browse
	900010225 CON.LUMES JAIPUR 05.02.2022.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
deranano2.ddns.net	MARIAM HONAINE'S CV.exe	Get hash	malicious	Browse	212.193.30.204
	QUOTATION.exe	Get hash	malicious	Browse	212.193.30.204
	2020574185.exe	Get hash	malicious	Browse	212.193.30.204
	ORDER.exe	Get hash	malicious	Browse	212.193.30.204
	POP.exe	Get hash	malicious	Browse	212.193.30.204
	Bill Of Lading.exe	Get hash	malicious	Browse	212.193.30.204
	900010225 CON.LUMES JAIPUR 05.02.2022.exe	Get hash	malicious	Browse	212.193.30.204
	FYI.exe	Get hash	malicious	Browse	194.31.98.18
	FYI.exe	Get hash	malicious	Browse	194.31.98.18
	VOLGOIL LLC SOFT CORPORATE OFFER VESSEL TO TANK.exe	Get hash	malicious	Browse	194.31.98.18
	product specification and detailspdf.exe	Get hash	malicious	Browse	194.31.98.18

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
SPD-NETTR	New Purchase Order 4522028497676.xlsx	Get hash	malicious	Browse	212.193.30.214
	MARIAM HONAINE'S CV.exe	Get hash	malicious	Browse	212.193.30.204
	QUOTATION.exe	Get hash	malicious	Browse	212.193.30.204
	Resetter.exe	Get hash	malicious	Browse	212.193.30.29
	SecuriteInfo.com.Trojan.PackedNET.331.26146.exe	Get hash	malicious	Browse	212.193.30.38
	hdk8Z67C7x.exe	Get hash	malicious	Browse	212.193.30.29
	CHANGE OF ACCOUNT RUSH TO DESK.exe	Get hash	malicious	Browse	212.193.30.101
	2020574185.exe	Get hash	malicious	Browse	212.193.30.204
	ORDER.exe	Get hash	malicious	Browse	212.193.30.204
	ckc238HATk.exe	Get hash	malicious	Browse	212.193.30.45
	ckc238HATk.exe	Get hash	malicious	Browse	212.193.30.45
	TjDCLiM89x.exe	Get hash	malicious	Browse	212.193.30.45
	POP.exe	Get hash	malicious	Browse	212.193.30.204
	AFAC7896CF21983233C533EEAEC870610856969D98218.exe	Get hash	malicious	Browse	212.193.30.29
	E4FB57012D7A31E6511C4BAC952323093E8BB51F13884.exe	Get hash	malicious	Browse	212.193.30.29
	E2E7294A6FEE9EF6372897F3BEBFFB0D17BC31B9CF8C6.exe	Get hash	malicious	Browse	212.193.30.29
	Bill Of Lading.exe	Get hash	malicious	Browse	212.193.30.204
	900010225 CON.LUMES JAIPUR 05.02.2022.exe	Get hash	malicious	Browse	212.193.30.204
	7nSmJgc4Js.exe	Get hash	malicious	Browse	212.193.30.45
	arm7-20220427-0150	Get hash	malicious	Browse	185.118.141.120

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.log

Download File

Process:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1308
Entropy (8bit):	5.345811588615766
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4FsXE8:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHJ
MD5:	EA78C102145ED608EF0E407B978AF339
SHA1:	66C9179ED9675B9271A97AB1FC878077E09AB731
SHA-256:	8BF01E0C445BD07C0B4EDC7199B7E17DAF1CA55CA52D4A6EAC4EF211C2B1A73E
SHA-512:	8C04139A1FC3C3BDACB680EC443615A43EB18E73B5A0CFCA644CB4A5E71746B275B3E238DD1A5A205405313E457BB75F9BBB93277C67AFA5D78DCFA30E5DA02B
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

Download File

Process:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	7.024371743172393
Encrypted:	false
SSDEEP:	6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9
MD5:	32D0AAE13696FF7F8AF33B2D22451028
SHA1:	EF80C4E0DB2AE8EF288027C9D3518E6950B583A4
SHA-256:	5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29
SHA-512:	1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Download File

Process:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
File Type:	Non-ISO extended-ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:LNln:LNl
MD5:	56ADDD7A30A64177C4CC87D0A61A3AEE
SHA1:	B857C6B80C8CC5D8FB92257F99398297103C6745
SHA-256:	2F0841CD881476437CBC932BBA028152B03666132DF48410C7DE4FAA183389F6
SHA-512:	A0A3CC6798AB662BBF2146ECD0653505BBF414F487C2AC37EAD1BB5CB68727A4FA0F8EEBA7BB000ECD788CED641C65DAD08AFBC13FE6270ABD1405CEDE84B918
Malicious:	true
Reputation:	low
Preview:	..dN.4.H

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin

Download File

Process:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	5.153055907333276
Encrypted:	false
SSDEEP:	3:9bzY6oRDT6P2bfVn1:RzWDT621
MD5:	4E5E92E2369688041CC82EF9650EDED2
SHA1:	15E44F2F3194EE232B44E9684163B6F66472C862
SHA-256:	F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
SHA-512:	1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	9iH...}Z.4..f.~a........~.~.......3.U.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat

Download File

Process:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
File Type:	data
Category:	dropped
Size (bytes):	327432
Entropy (8bit):	7.99938831605763
Encrypted:	true
SSDEEP:	6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
MD5:	7E8F4A764B981D5B82D1CC49D341E9C6
SHA1:	D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
SHA-256:	0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
SHA-512:	880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...\|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.).....{B.[...y%...i.Q.<..xt.X..H.. ..HF7g...I.3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.\|i4...i...;O...n.?.,. ....v?.5}.OY@.dG\|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...\|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`\|.B....3.....I..o...u1..8i=.z.W..7

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.908482488052613
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
File size:	555520
MD5:	717fc8318eb370b1e8ae630af9fe431d
SHA1:	842ee97ed218857603188de6831afcc9919addd6
SHA256:	6035a6b2488b6c073d4b1cda9c9879e207b73e94c3551624667e59cc8719dd01
SHA512:	bcfcf0b516ada1d2d1eb7c4e50b99b060bfa1f3fa7e14e36541fb1106242afc2c6ea2921dc11992d0c5c00fc66cbe7600cd07d64f94cbaebc52e70d1a0c091f0
SSDEEP:	12288:Pp/rlgHiwwUkLzPOca+3Jr/m/O4EBSMF5puoyOkWKZWhJlQ:5p8ErNt/Wcu+kWtHlQ
TLSH:	46C4121B22A82BB2D1BA6BF920F2305603F2A5371523FF9D4DD930DA6D55B580710F2B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....}b..............0..p............... ........@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x488e0e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x627D08B8 [Thu May 12 13:16:40 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x88dbc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8a000	0x5c4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x86e14	0x87000	False	0.930960648148	data	7.91713576226	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x8a000	0x5c4	0x600	False	0.42578125	data	4.13420959753	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8c000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x8a090	0x334	data
RT_MANIFEST	0x8a3d4	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2017
Assembly Version	1.0.0.0
InternalName	ObjectHolderL.exe
FileVersion	1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName	TexasHoldem
ProductVersion	1.0.0.0
FileDescription	TexasHoldem
OriginalFilename	ObjectHolderL.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.3212.193.30.2044975411872025019 05/13/22-08:08:00.468391	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49754	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044985411872025019 05/13/22-08:09:21.317521	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49854	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044980111872025019 05/13/22-08:08:29.760918	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49801	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044982111872025019 05/13/22-08:08:42.572616	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49821	1187	192.168.2.3	212.193.30.204
212.193.30.204192.168.2.31187497432841753 05/13/22-08:07:41.912295	TCP	2841753	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)	1187	49743	212.193.30.204	192.168.2.3
192.168.2.3212.193.30.2044975711872025019 05/13/22-08:08:08.371746	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49757	1187	192.168.2.3	212.193.30.204
212.193.30.204192.168.2.31187497542810290 05/13/22-08:08:01.239966	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	1187	49754	212.193.30.204	192.168.2.3
192.168.2.3212.193.30.2044982311872816766 05/13/22-08:08:50.618349	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49823	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044974211872816766 05/13/22-08:07:36.524732	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49742	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044985211872816766 05/13/22-08:09:10.204690	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49852	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044974611872816766 05/13/22-08:07:48.002664	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49746	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044975811872816766 05/13/22-08:08:17.137563	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49758	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044976811872816766 05/13/22-08:08:24.638697	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49768	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044985311872816718 05/13/22-08:09:16.220396	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49853	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044982311872025019 05/13/22-08:08:48.802408	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49823	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044974611872025019 05/13/22-08:07:47.181678	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49746	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044974211872025019 05/13/22-08:07:35.302011	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49742	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044985211872025019 05/13/22-08:09:09.270895	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49852	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044980111872816766 05/13/22-08:08:30.710594	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49801	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044975711872816766 05/13/22-08:08:10.114903	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49757	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044983311872025019 05/13/22-08:08:55.683074	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49833	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044975411872816766 05/13/22-08:08:02.678142	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49754	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044985311872025019 05/13/22-08:09:15.326471	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49853	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044982111872816766 05/13/22-08:08:43.505269	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49821	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044984811872816766 05/13/22-08:09:04.076097	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49848	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044974311872025019 05/13/22-08:07:41.882179	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49743	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044981511872816766 05/13/22-08:08:36.858197	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49815	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044985311872816766 05/13/22-08:09:16.220396	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49853	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044975311872816766 05/13/22-08:07:55.099091	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49753	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044975311872025019 05/13/22-08:07:53.749457	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49753	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044976811872025019 05/13/22-08:08:23.663433	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49768	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044983311872816766 05/13/22-08:08:56.775852	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49833	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044975811872025019 05/13/22-08:08:15.665656	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49758	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044975811872816718 05/13/22-08:08:16.194877	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49758	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044981511872025019 05/13/22-08:08:36.042332	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49815	1187	192.168.2.3	212.193.30.204
192.168.2.3212.193.30.2044984811872025019 05/13/22-08:09:02.275060	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49848	1187	192.168.2.3	212.193.30.204

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 13, 2022 08:07:35.189085960 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.217052937 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.217293024 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.302011013 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.371608973 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.395320892 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.424401999 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.529284000 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.615108013 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.788824081 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.886101007 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.947149038 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.947220087 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.947247028 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.947273970 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.947276115 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.947316885 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.975105047 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975169897 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975209951 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975250959 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975294113 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975332022 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975341082 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.975372076 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975394011 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:35.975410938 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:35.975564957 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.002994061 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003063917 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003103018 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003142118 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003170967 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.003181934 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003217936 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.003221035 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003262043 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003300905 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.003305912 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003344059 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003365993 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.003382921 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003422022 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003453016 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.003460884 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003500938 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003514051 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.003540039 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003577948 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003611088 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.003618002 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.003671885 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.032332897 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032407999 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032450914 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032495022 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.032526016 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032567024 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032609940 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032645941 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.032650948 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032690048 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032691956 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.032728910 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032768011 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032800913 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.032805920 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032846928 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032857895 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.032886982 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032898903 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.032926083 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.032967091 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033003092 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033011913 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033041954 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033067942 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033081055 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033118963 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033149004 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033157110 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033195019 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033207893 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033233881 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033277035 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033309937 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033313990 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033353090 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033375978 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033391953 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033430099 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033461094 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033468008 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033508062 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033530951 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033548117 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033587933 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033626080 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.033646107 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.033677101 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.061475039 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061539888 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061584949 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061625004 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061640978 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.061667919 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061709881 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061719894 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.061750889 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061779976 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.061791897 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061830997 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061862946 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.061872959 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061913967 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061928988 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.061956882 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.061996937 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062017918 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062038898 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062077045 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062091112 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062118053 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062156916 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062192917 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062196016 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062236071 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062248945 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062278032 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062318087 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062350035 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062356949 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062395096 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062407970 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062433958 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062472105 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062506914 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062511921 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062553883 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062562943 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062592030 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062630892 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062664986 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062669992 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062707901 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062721014 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062748909 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062787056 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062819958 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062827110 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062868118 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062877893 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062906981 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062946081 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.062978983 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.062985897 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063023090 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063038111 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.063061953 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063100100 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063133001 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.063141108 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063182116 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063194036 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.063220978 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063260078 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063277006 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.063343048 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063380957 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063412905 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.063421011 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.063561916 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091145039 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091207027 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091244936 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091315985 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091356993 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091376066 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091393948 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091408968 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091434002 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091451883 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091473103 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091511011 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091545105 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091550112 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091588974 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091603994 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091628075 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091669083 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091701031 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091706038 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091744900 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091758966 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091784954 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091824055 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091856956 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091865063 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091902971 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091918945 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.091943026 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091984034 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.091996908 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092021942 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092062950 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092076063 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092102051 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092139959 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092154980 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092178106 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092217922 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092251062 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092257977 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092299938 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092310905 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092339039 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092376947 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092410088 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092416048 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092453003 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092474937 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092526913 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092569113 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092583895 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092606068 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092644930 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092655897 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092685938 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092722893 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092746973 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092761993 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092801094 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092802048 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092839003 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092889071 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092891932 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092906952 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092947006 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.092961073 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.092984915 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.093022108 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.093038082 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.093060970 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.093116999 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120256901 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120332003 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120371103 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120407104 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120409966 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120449066 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120460987 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120520115 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120562077 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120572090 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120604038 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120641947 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120660067 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120681047 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120721102 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120754957 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120758057 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120798111 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120815992 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120886087 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120910883 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120951891 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.120956898 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.120999098 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121011972 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121041059 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121082067 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121095896 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121136904 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121177912 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121179104 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121220112 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121258974 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121275902 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121304035 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121344090 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121385098 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121428013 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121467113 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121485949 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121500015 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121501923 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121517897 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121539116 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121579885 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121611118 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121619940 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121659994 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121694088 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121700048 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121746063 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121753931 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121786118 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121824980 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121838093 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121865034 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121912956 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121927023 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.121936083 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121975899 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.121988058 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.122015953 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.122055054 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.122088909 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.122095108 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.122134924 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.122157097 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.122184038 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.122224092 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.122237921 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.122265100 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.122327089 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.149714947 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.149780035 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.149823904 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.149837971 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.149879932 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.149916887 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.149924994 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.149956942 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.149996996 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150028944 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150034904 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150077105 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150084972 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150125027 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150161982 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150182962 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150201082 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150239944 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150243998 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150279045 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150321960 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150333881 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150369883 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150393009 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150413036 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150433064 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150471926 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150511980 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150512934 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150554895 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150588989 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150598049 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150640011 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150650978 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150677919 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150717974 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150728941 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150758028 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150796890 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150806904 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150836945 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150876045 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150898933 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.150913954 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150960922 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.150984049 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151000023 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151038885 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151072025 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151077986 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151114941 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151128054 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151154995 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151194096 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151226044 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151232958 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151273012 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151299000 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151314020 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151354074 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151386976 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151391983 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151429892 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151442051 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151472092 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151496887 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151526928 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151536942 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151576042 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151606083 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151612997 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151650906 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151665926 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151690006 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151729107 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151757956 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151768923 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151828051 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.151885033 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151930094 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151968002 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.151978016 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.152007103 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152046919 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152060032 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.152086020 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152126074 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152137995 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.152168989 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152208090 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152221918 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.152245998 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152288914 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152298927 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.152328014 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:36.152379990 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.524732113 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:36.601154089 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:37.250981092 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:37.333664894 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:37.527476072 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:37.543832064 CEST	1187	49742	212.193.30.204	192.168.2.3
May 13, 2022 08:07:37.543998003 CEST	49742	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:41.851166010 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:41.878602028 CEST	1187	49743	212.193.30.204	192.168.2.3
May 13, 2022 08:07:41.881591082 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:41.882179022 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:41.912295103 CEST	1187	49743	212.193.30.204	192.168.2.3
May 13, 2022 08:07:41.962075949 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:41.989156961 CEST	1187	49743	212.193.30.204	192.168.2.3
May 13, 2022 08:07:42.004565954 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:42.033258915 CEST	1187	49743	212.193.30.204	192.168.2.3
May 13, 2022 08:07:42.090475082 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:42.569004059 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:42.589651108 CEST	49743	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:47.142143965 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:47.169976950 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:47.170093060 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:47.181678057 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:47.251987934 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:47.252329111 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:47.280294895 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:47.384391069 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:47.659348011 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:47.739785910 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:47.970566988 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:48.002664089 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.030539989 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:48.087547064 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.315069914 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.396322012 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:48.396409035 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.424818993 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:48.587584019 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.617888927 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:48.775103092 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.791431904 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.880423069 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:48.887944937 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:48.974519014 CEST	1187	49746	212.193.30.204	192.168.2.3
May 13, 2022 08:07:49.207058907 CEST	49746	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:53.721395969 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:53.748831034 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:53.749036074 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:53.749456882 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:53.803994894 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:53.804265976 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:53.833164930 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:53.884916067 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:54.020106077 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:54.100018978 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:54.100265026 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:54.192826033 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:54.292644978 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:54.295058966 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:54.332011938 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:54.333169937 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:54.361139059 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:54.374428034 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:54.403599977 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:54.447468996 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:54.608795881 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:54.650667906 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:55.011168003 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:55.098963976 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:55.099091053 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:07:55.177109003 CEST	1187	49753	212.193.30.204	192.168.2.3
May 13, 2022 08:07:56.057840109 CEST	49753	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:00.437861919 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:00.467808008 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:00.467948914 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:00.468390942 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:00.538621902 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:00.539258003 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:00.567104101 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:00.619916916 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:00.791508913 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:00.869036913 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:01.029218912 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:01.073080063 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:01.104187965 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:01.133006096 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:01.209665060 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:01.212287903 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:01.239965916 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:01.241260052 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:01.269443989 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:01.323048115 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:01.647434950 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:01.739928961 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:02.678142071 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:02.729430914 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:02.791969061 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:02.867244959 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:02.943248987 CEST	1187	49754	212.193.30.204	192.168.2.3
May 13, 2022 08:08:03.943905115 CEST	49754	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:08.343358994 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:08.370965004 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:08.371071100 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:08.371746063 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:08.421261072 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:08.491285086 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:08.520407915 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:08.589385033 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:08.711447954 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:08.786880970 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:08.971767902 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:09.050249100 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:09.052457094 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:09.080949068 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:09.082478046 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:09.110742092 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:09.110883951 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:09.138528109 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:09.276889086 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:10.114902973 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:10.192846060 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:10.344990015 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:10.427067995 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:10.836469889 CEST	1187	49757	212.193.30.204	192.168.2.3
May 13, 2022 08:08:10.886492014 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:11.027652979 CEST	49757	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:15.637177944 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:15.665009975 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:15.665623903 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:15.665656090 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:15.719175100 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:15.719624043 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:15.747514009 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:15.838274002 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:16.113182068 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:16.192917109 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:16.194876909 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:16.271138906 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:16.360537052 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:16.378336906 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:16.408068895 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:16.526808023 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:16.555278063 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:16.571094036 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:16.599770069 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:16.777503967 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:17.137562990 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:17.223952055 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:17.631160975 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:17.710031033 CEST	1187	49758	212.193.30.204	192.168.2.3
May 13, 2022 08:08:18.168596029 CEST	49758	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:23.631201982 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:23.660567045 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:23.661932945 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:23.663433075 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:23.702959061 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:23.703449965 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:23.731332064 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:23.965653896 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:24.376827002 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:24.452557087 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:24.638696909 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:24.640796900 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:24.666389942 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:24.666559935 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:24.730182886 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:24.876085043 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:24.906709909 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:24.907434940 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:24.937108994 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:24.938060999 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:24.971827984 CEST	1187	49768	212.193.30.204	192.168.2.3
May 13, 2022 08:08:25.153306007 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:25.624880075 CEST	49768	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:29.732378006 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:29.760006905 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:29.760154963 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:29.760917902 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:29.809751987 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:29.810332060 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:29.839529037 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:29.888010025 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:30.710593939 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:30.813860893 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:31.059535027 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:31.145905972 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:31.331316948 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:31.340989113 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:31.369456053 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:31.370953083 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:31.400460958 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:31.400602102 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:31.430212975 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:31.481884956 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:31.666104078 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:31.716737986 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:31.740858078 CEST	1187	49801	212.193.30.204	192.168.2.3
May 13, 2022 08:08:31.740998030 CEST	49801	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.013355017 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.040678978 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:36.041775942 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.042331934 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.109175920 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:36.109441996 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.137221098 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:36.294753075 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.628711939 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.708581924 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:36.858196974 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.904139042 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:36.905523062 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:36.934679031 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:36.936089993 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:37.240354061 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:37.240488052 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:37.294864893 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:37.322946072 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:37.794924021 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:37.826499939 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:37.828713894 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:37.904269934 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:37.931931973 CEST	1187	49815	212.193.30.204	192.168.2.3
May 13, 2022 08:08:38.091800928 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:38.153107882 CEST	49815	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:42.544550896 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:42.571962118 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:42.572179079 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:42.572616100 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:42.634898901 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:42.637363911 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:42.665213108 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:42.795373917 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:43.505269051 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:43.583250999 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:43.877108097 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:43.958750010 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:44.158596992 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:44.160392046 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:44.188862085 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:44.232937098 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:44.287873983 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:44.315614939 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:44.320405006 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:44.350920916 CEST	1187	49821	212.193.30.204	192.168.2.3
May 13, 2022 08:08:44.404797077 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:44.553883076 CEST	49821	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:48.760473013 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:48.787889004 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:48.788100958 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:48.802407980 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:48.867459059 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:48.867882967 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:48.896356106 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:48.952085972 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:49.199434996 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:49.286973000 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:49.498456955 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:49.499983072 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:49.527398109 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:49.577157021 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:49.590707064 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:49.677100897 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:49.906238079 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:49.952167988 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:49.979484081 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:49.987601995 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:50.015779972 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:50.015937090 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:50.044250965 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:50.092840910 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:50.161704063 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:50.255510092 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:50.618349075 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:50.708394051 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:51.381386042 CEST	1187	49823	212.193.30.204	192.168.2.3
May 13, 2022 08:08:51.436732054 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:51.598146915 CEST	49823	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:55.654515982 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:55.682387114 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:55.682493925 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:55.683073997 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:55.737241983 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:55.737346888 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:55.834041119 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:55.834141016 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:55.861922026 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:55.905817032 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:56.042253971 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:56.130184889 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:56.330420017 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:56.332377911 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:56.359503984 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:56.363461971 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:56.391335011 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:56.391509056 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:56.421319008 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:56.426351070 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:56.506810904 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:56.775851965 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:08:56.849323988 CEST	1187	49833	212.193.30.204	192.168.2.3
May 13, 2022 08:08:58.168776989 CEST	49833	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:02.244868040 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:02.274483919 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:02.274580956 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:02.275059938 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:02.328269005 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:02.328628063 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:02.356767893 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:02.437696934 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:03.063185930 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:03.148144960 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:03.158971071 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:03.253868103 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:03.432281971 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:03.433285952 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:03.462435007 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:03.489253998 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:03.517210007 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:03.517484903 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:03.545717955 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:03.545809031 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:03.575727940 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:03.625287056 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:04.076097012 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:04.160180092 CEST	1187	49848	212.193.30.204	192.168.2.3
May 13, 2022 08:09:05.070554018 CEST	49848	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:09.242080927 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:09.269586086 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:09.269704103 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:09.270895004 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:09.333878040 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:09.334153891 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:09.365652084 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:09.406985998 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:09.709724903 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:09.785592079 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:10.012810946 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:10.013854027 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:10.044502020 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:10.045578957 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:10.073350906 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:10.073484898 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:10.106957912 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:10.107069016 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:10.194484949 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:10.204689980 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:10.287734032 CEST	1187	49852	212.193.30.204	192.168.2.3
May 13, 2022 08:09:11.204633951 CEST	49852	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.293801069 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.323955059 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:15.324074030 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.326471090 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.375271082 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:15.375718117 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.404839039 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:15.454324961 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.646147966 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.725939035 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:15.915699005 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:15.917701006 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.944910049 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:15.945952892 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:15.976754904 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:15.976939917 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:16.007033110 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:16.007148027 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:16.097681999 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:16.220396042 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:16.300637960 CEST	1187	49853	212.193.30.204	192.168.2.3
May 13, 2022 08:09:17.252583027 CEST	49853	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.289084911 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.316781998 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.316896915 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.317521095 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.365655899 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.365951061 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.393781900 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.394961119 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.488895893 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.687370062 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.688379049 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.717691898 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.718967915 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.747786045 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.747960091 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:21.779926062 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:21.830079079 CEST	49854	1187	192.168.2.3	212.193.30.204
May 13, 2022 08:09:23.841430902 CEST	1187	49854	212.193.30.204	192.168.2.3
May 13, 2022 08:09:23.892607927 CEST	49854	1187	192.168.2.3	212.193.30.204

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 13, 2022 08:07:35.158261061 CEST	64851	53	192.168.2.3	8.8.8.8
May 13, 2022 08:07:35.179594040 CEST	53	64851	8.8.8.8	192.168.2.3
May 13, 2022 08:07:41.831705093 CEST	49316	53	192.168.2.3	8.8.8.8
May 13, 2022 08:07:41.849618912 CEST	53	49316	8.8.8.8	192.168.2.3
May 13, 2022 08:07:47.056458950 CEST	55923	53	192.168.2.3	8.8.8.8
May 13, 2022 08:07:47.077611923 CEST	53	55923	8.8.8.8	192.168.2.3
May 13, 2022 08:07:53.702831984 CEST	57421	53	192.168.2.3	8.8.8.8
May 13, 2022 08:07:53.720316887 CEST	53	57421	8.8.8.8	192.168.2.3
May 13, 2022 08:08:00.358644009 CEST	65358	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:00.378106117 CEST	53	65358	8.8.8.8	192.168.2.3
May 13, 2022 08:08:08.322488070 CEST	65266	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:08.341821909 CEST	53	65266	8.8.8.8	192.168.2.3
May 13, 2022 08:08:15.610367060 CEST	63332	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:15.630654097 CEST	53	63332	8.8.8.8	192.168.2.3
May 13, 2022 08:08:23.610284090 CEST	52985	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:23.629914999 CEST	53	52985	8.8.8.8	192.168.2.3
May 13, 2022 08:08:29.710989952 CEST	60640	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:29.730588913 CEST	53	60640	8.8.8.8	192.168.2.3
May 13, 2022 08:08:35.992012024 CEST	61877	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:36.011658907 CEST	53	61877	8.8.8.8	192.168.2.3
May 13, 2022 08:08:42.522573948 CEST	64412	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:42.542064905 CEST	53	64412	8.8.8.8	192.168.2.3
May 13, 2022 08:08:48.737997055 CEST	51779	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:48.757751942 CEST	53	51779	8.8.8.8	192.168.2.3
May 13, 2022 08:08:55.632879972 CEST	50608	53	192.168.2.3	8.8.8.8
May 13, 2022 08:08:55.652250051 CEST	53	50608	8.8.8.8	192.168.2.3
May 13, 2022 08:09:02.216834068 CEST	54205	53	192.168.2.3	8.8.8.8
May 13, 2022 08:09:02.237754107 CEST	53	54205	8.8.8.8	192.168.2.3
May 13, 2022 08:09:09.219763041 CEST	62756	53	192.168.2.3	8.8.8.8
May 13, 2022 08:09:09.241046906 CEST	53	62756	8.8.8.8	192.168.2.3
May 13, 2022 08:09:15.269599915 CEST	58497	53	192.168.2.3	8.8.8.8
May 13, 2022 08:09:15.292433977 CEST	53	58497	8.8.8.8	192.168.2.3
May 13, 2022 08:09:21.268994093 CEST	62701	53	192.168.2.3	8.8.8.8
May 13, 2022 08:09:21.288356066 CEST	53	62701	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 13, 2022 08:07:35.158261061 CEST	192.168.2.3	8.8.8.8	0x845a	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:07:41.831705093 CEST	192.168.2.3	8.8.8.8	0xff8a	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:07:47.056458950 CEST	192.168.2.3	8.8.8.8	0xac45	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:07:53.702831984 CEST	192.168.2.3	8.8.8.8	0x78a3	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:00.358644009 CEST	192.168.2.3	8.8.8.8	0x5137	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:08.322488070 CEST	192.168.2.3	8.8.8.8	0xf172	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:15.610367060 CEST	192.168.2.3	8.8.8.8	0x9690	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:23.610284090 CEST	192.168.2.3	8.8.8.8	0x5d87	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:29.710989952 CEST	192.168.2.3	8.8.8.8	0x302	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:35.992012024 CEST	192.168.2.3	8.8.8.8	0x21ab	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:42.522573948 CEST	192.168.2.3	8.8.8.8	0x792	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:48.737997055 CEST	192.168.2.3	8.8.8.8	0x5d0d	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:08:55.632879972 CEST	192.168.2.3	8.8.8.8	0xde0	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:09:02.216834068 CEST	192.168.2.3	8.8.8.8	0x1c63	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:09:09.219763041 CEST	192.168.2.3	8.8.8.8	0x700	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:09:15.269599915 CEST	192.168.2.3	8.8.8.8	0x45e2	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)
May 13, 2022 08:09:21.268994093 CEST	192.168.2.3	8.8.8.8	0xaedd	Standard query (0)	deranano2.ddns.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
May 13, 2022 08:07:35.179594040 CEST	8.8.8.8	192.168.2.3	0x845a	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:07:41.849618912 CEST	8.8.8.8	192.168.2.3	0xff8a	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:07:47.077611923 CEST	8.8.8.8	192.168.2.3	0xac45	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:07:53.720316887 CEST	8.8.8.8	192.168.2.3	0x78a3	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:00.378106117 CEST	8.8.8.8	192.168.2.3	0x5137	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:08.341821909 CEST	8.8.8.8	192.168.2.3	0xf172	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:15.630654097 CEST	8.8.8.8	192.168.2.3	0x9690	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:23.629914999 CEST	8.8.8.8	192.168.2.3	0x5d87	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:29.730588913 CEST	8.8.8.8	192.168.2.3	0x302	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:36.011658907 CEST	8.8.8.8	192.168.2.3	0x21ab	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:42.542064905 CEST	8.8.8.8	192.168.2.3	0x792	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:48.757751942 CEST	8.8.8.8	192.168.2.3	0x5d0d	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:08:55.652250051 CEST	8.8.8.8	192.168.2.3	0xde0	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:09:02.237754107 CEST	8.8.8.8	192.168.2.3	0x1c63	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:09:09.241046906 CEST	8.8.8.8	192.168.2.3	0x700	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:09:15.292433977 CEST	8.8.8.8	192.168.2.3	0x45e2	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)
May 13, 2022 08:09:21.288356066 CEST	8.8.8.8	192.168.2.3	0xaedd	No error (0)	deranano2.ddns.net	212.193.30.204	A (IP address)	IN (0x0001)

Target ID:	0
Start time:	08:07:13
Start date:	13/05/2022
Path:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe"
Imagebase:	0xa10000
File size:	555520 bytes
MD5 hash:	717FC8318EB370B1E8AE630AF9FE431D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Target ID:	4
Start time:	08:07:26
Start date:	13/05/2022
Path:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Imagebase:	0x50000
File size:	555520 bytes
MD5 hash:	717FC8318EB370B1E8AE630AF9FE431D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	5
Start time:	08:07:28
Start date:	13/05/2022
Path:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Imagebase:	0xec0000
File size:	555520 bytes
MD5 hash:	717FC8318EB370B1E8AE630AF9FE431D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Execution Graph

Execution Coverage:	15%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	186
Total number of Limit Nodes:	10

Executed Functions

Function 013BE2A1 Relevance: 6.1, APIs: 4, Instructions: 130
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 013BE310
GetCurrentThread.KERNEL32 ref: 013BE34D
GetCurrentProcess.KERNEL32 ref: 013BE38A
GetCurrentThreadId.KERNEL32 ref: 013BE3E3

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8028fd92fcb2498e9aaae2257bcc815ed0a939eb4e30e45c8d83c00246966637
Instruction ID: 87a3669183d426e27ff8a1a5af6138ef39c368037a14373c043ec7974a5a1e46
Opcode Fuzzy Hash: 8028fd92fcb2498e9aaae2257bcc815ed0a939eb4e30e45c8d83c00246966637
Instruction Fuzzy Hash: 385194B0D042488FDB24CFA9DA88BDEBBF1EF48308F248569E549A7350D7755888CF65

Uniqueness

Uniqueness Score: -1.00%

Function 013BE2B0 Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 013BE310
GetCurrentThread.KERNEL32 ref: 013BE34D
GetCurrentProcess.KERNEL32 ref: 013BE38A
GetCurrentThreadId.KERNEL32 ref: 013BE3E3

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: a1baaf97c826f1500014df2670e8caac0e7a539e8553a834bd9f1d55607eb5bc
Instruction ID: fa5d4af1db7b5c31d5c05df26e52f0a1edd319c35018dc60783cb8c7abbb7f02
Opcode Fuzzy Hash: a1baaf97c826f1500014df2670e8caac0e7a539e8553a834bd9f1d55607eb5bc
Instruction Fuzzy Hash: A75174B4D042498FDB24CFA9D688BDEBBF0EF48308F248469E559A7350D7749888CF65

Uniqueness

Uniqueness Score: -1.00%

Function 013BBFB8 Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 013BC20E

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2e8554a23544196cdb4644befe6da3631ebf60054c47deca80c451b7921085d2
Instruction ID: 0b401dd8f0cfc3206bd8450cab7ee513be9730895983725159ed04be364c217c
Opcode Fuzzy Hash: 2e8554a23544196cdb4644befe6da3631ebf60054c47deca80c451b7921085d2
Instruction Fuzzy Hash: 2D813A70A00B058FD724CF69C48079ABBF1BF49208F008A2ED556D7A50E775E845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 053B2A78 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 053B2B8A

Memory Dump Source

Source File: 00000000.00000002.289790878.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: c0ed12fd2717a1b7d600a872d94411ea93f59b48b3066d894054155d93c0154a
Instruction ID: 757e1a720ca4f53a4d5b8b92154a8c2a12ee1da21243e615dfc20870224f9946
Opcode Fuzzy Hash: c0ed12fd2717a1b7d600a872d94411ea93f59b48b3066d894054155d93c0154a
Instruction Fuzzy Hash: C641C2B5D043099FDF14CF99C884ADEBBB5BF48310F24862AE919AB210D7B49885CF90

Uniqueness

Uniqueness Score: -1.00%

Function 013B5364 Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 013B5421

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1c80ad774eb44a4c6c1c7364679bbade3e73215658b11b77ff0a2f24dd2b9bb5
Instruction ID: 83eb0fa2273d3e0826af521d11bf2f1b109b66b7409f3d0773ecd8a7f91b274b
Opcode Fuzzy Hash: 1c80ad774eb44a4c6c1c7364679bbade3e73215658b11b77ff0a2f24dd2b9bb5
Instruction Fuzzy Hash: 1F41E071D04718CFDB24CFA9C9847CEBBB5BF89308F24806AD519AB250DB75694ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 053B0824 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 053B50F1

Memory Dump Source

Source File: 00000000.00000002.289790878.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: f41813c781434616e2bc95cbb6e5fbad8c80daa8c34e92a990ef910aa84adea9
Instruction ID: 3112e35077f102bbb1fbc0a7e39d14d0e5a83ea206a81c60b157c35d0bb36fbf
Opcode Fuzzy Hash: f41813c781434616e2bc95cbb6e5fbad8c80daa8c34e92a990ef910aa84adea9
Instruction Fuzzy Hash: 29415AB8A002059FDB14CF89C488BAAFBF5FF88314F15C859D919A7721D3B5A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 013B3E08 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 013B5421

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: a6d53e6e8c5fdbef43c02e12178a5f927a04136979d2242046e35fb857ca09dc
Instruction ID: 6c5a61a3a116183076b8177bb6bc0857408d0ad88cf2277a4773578fa794faf9
Opcode Fuzzy Hash: a6d53e6e8c5fdbef43c02e12178a5f927a04136979d2242046e35fb857ca09dc
Instruction Fuzzy Hash: C741D170D04718CBDB24CFA9C984BCEBBB5BF49308F248069D519BB251EBB56949CF90

Uniqueness

Uniqueness Score: -1.00%

Function 013BE8D8 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013BE967

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5c0381046d2895ee369761ab7d679274c5b93f574ef9dc5254310af8eb4cb1e9
Instruction ID: b3b3b5ba0f610957d5b30428220fb562a2e1d584b954a2ed5d3ee2969c1c9c28
Opcode Fuzzy Hash: 5c0381046d2895ee369761ab7d679274c5b93f574ef9dc5254310af8eb4cb1e9
Instruction Fuzzy Hash: 6621E6B5D00208AFDB10CF99D584ADEFBF8FB48324F14852AE955A3310D379A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 013BE8E0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013BE967

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: af4cadf1977e3000deaf40040ebb67bd510f6c9306bc5c5e3e78f2eb7dfbeada
Instruction ID: bdc57c172ec0c078705667a87230c6e442b70d9006bf9376e014d9695343af9d
Opcode Fuzzy Hash: af4cadf1977e3000deaf40040ebb67bd510f6c9306bc5c5e3e78f2eb7dfbeada
Instruction Fuzzy Hash: 1021D8B5D042089FDB10CF99D584ADEFBF9FB48324F14841AE955A3310D378A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 013BC429 Relevance: 1.6, APIs: 1, Instructions: 56
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,013BC289,00000800,00000000,00000000), ref: 013BC49A

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 15875c1ec9fa011fce3ba751735aed7ce74c7377d3aff1ce1e2d49a910a7ee76
Instruction ID: a130a039df2179c67bfaf208f1356a88a4403db0fc4d58f7c9a116e0e6f2a3ce
Opcode Fuzzy Hash: 15875c1ec9fa011fce3ba751735aed7ce74c7377d3aff1ce1e2d49a910a7ee76
Instruction Fuzzy Hash: 631117B5D042089FDB20CFA9D484BEEFBF4AB48314F14852ED955B7600C379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013BB340 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,013BC289,00000800,00000000,00000000), ref: 013BC49A

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 47e1f0e9e7105e483394e8769cb8eb80912bc32eca0e367837809f36c8518411
Instruction ID: 72dc08917ec1e7fa6469cdf4495b611b3786a513278cc21cbee076a380e3c68a
Opcode Fuzzy Hash: 47e1f0e9e7105e483394e8769cb8eb80912bc32eca0e367837809f36c8518411
Instruction Fuzzy Hash: E91106B59042089FDB20CF9AD484BEEFBF8AB88314F14842AD955B7600D378A645CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013BC1A8 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 013BC20E

Memory Dump Source

Source File: 00000000.00000002.286935227.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 63f638da43f29bcb2d07eaf76d5c1fa993c9caa83579f3810046b4ed84053499
Instruction ID: 5ecea6e5b6e5a4f5a1266441243cc4679cd101f263805896798cb95b5a499dee
Opcode Fuzzy Hash: 63f638da43f29bcb2d07eaf76d5c1fa993c9caa83579f3810046b4ed84053499
Instruction Fuzzy Hash: CC1102B5D002498FDB20CF9AD444BDEFBF8AB88224F14842AD919A7600D374A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 053B2CB9 Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowLongW.USER32(?,?,?), ref: 053B2D1D

Memory Dump Source

Source File: 00000000.00000002.289790878.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 39d8e9a64bf1d6183e7f6a1059209353adbf584b8cf2238975f5b26f0ecc8e1b
Instruction ID: 0eba5f55f876e04d114b7b6f7b86ade38098a5e25754df44951e3ac08d42019e
Opcode Fuzzy Hash: 39d8e9a64bf1d6183e7f6a1059209353adbf584b8cf2238975f5b26f0ecc8e1b
Instruction Fuzzy Hash: F01118B59042498FDB20CF99D584BDFBBF8EF88324F14851AE955A7700C3B4A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 053B2CC0 Relevance: 1.5, APIs: 1, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowLongW.USER32(?,?,?), ref: 053B2D1D

Memory Dump Source

Source File: 00000000.00000002.289790878.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 5e7e422edfad9dfe3ac5bd75d80c9aade6e081bba2871febda095def438a6264
Instruction ID: 540959a7caf9b4eb5ae2f50e3e014108c63a0e0b7431b141f41f174bad12e14f
Opcode Fuzzy Hash: 5e7e422edfad9dfe3ac5bd75d80c9aade6e081bba2871febda095def438a6264
Instruction Fuzzy Hash: B211D3B59042099FDB10CF99D584BDEBBF8EB48324F14851AE955A7700C3B4A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0135D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.286820192.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_135d000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b87d95fe2242fdb607f2627c4403f086dae91c1fb1efe9821ae4c5525e88ed71
Instruction ID: 8eba9bdc51defaf5a0351a9a9169b04db1e7dfbb5b3896b6a3bdfc4374d5bd15
Opcode Fuzzy Hash: b87d95fe2242fdb607f2627c4403f086dae91c1fb1efe9821ae4c5525e88ed71
Instruction Fuzzy Hash: 3F2122B5508204EFDB41CF94D9C0F26BBA5FB84768F24CA6DED094B242C336D846CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0135D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.286820192.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_135d000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f6d59377eb4cec3abfdc9142adb3547070b79068b4e6dd3f2e70725d0187258
Instruction ID: 77676d828b72ded2eb2bb6d3aeac3ba24c6c3555ef88268f76848d301b0c7dca
Opcode Fuzzy Hash: 7f6d59377eb4cec3abfdc9142adb3547070b79068b4e6dd3f2e70725d0187258
Instruction Fuzzy Hash: 272130B4508204DFCB50CF94D8C0F26BB65FB84768F24C969ED0A4B246C33AD846CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0135D006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.286820192.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_135d000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847d21315161970f8b4243043daccdbd09c1f14298f94b1571dd323cfa0b7f02
Instruction ID: 9330e42f20a76d80698089ad5eda8ebe1f4cb2cffb4e2352e4cfff5c85c96ca9
Opcode Fuzzy Hash: 847d21315161970f8b4243043daccdbd09c1f14298f94b1571dd323cfa0b7f02
Instruction Fuzzy Hash: E221A1755093808FDB03CF24D990B15BF71EB46218F28C5EAD8498B697C33AD84ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0135D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.286820192.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_135d000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 419e88c0e41451e1777907f29bf01e173359922e2c53350f3ed2aa1ddc1fa567
Instruction ID: e7173be50949acb5021bee655f400113d964159c6c25f6d48fc8e1eff3b28131
Opcode Fuzzy Hash: 419e88c0e41451e1777907f29bf01e173359922e2c53350f3ed2aa1ddc1fa567
Instruction Fuzzy Hash: 0011BB75904280DFCB42CF54D5C0B15BBB1FB84628F28C6ADDC494B656C33AD44ACB61

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 053B1308 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.289790878.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c5fc5a6b1ce96761ef1a8aeb3e60e841d5ecc4e351f6d77afcd5a340f1abee
Instruction ID: 31110a019514aa82019dc4daa4c1ff8200ae223bcc5a641e9e76cedccd4623a2
Opcode Fuzzy Hash: 19c5fc5a6b1ce96761ef1a8aeb3e60e841d5ecc4e351f6d77afcd5a340f1abee
Instruction Fuzzy Hash: 4A1291F1ED17469AD310CF65E8983A93BA1B7443ACBD0CB08D2621BAD1D7B4196ECF44

Uniqueness

Uniqueness Score: -1.00%

Function 053B1302 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.289790878.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53b0000_Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8a1025cda8873f7280dfa6a5be854464aa302832f6942c04f4d6b22f48227e
Instruction ID: 4bc6b7001556912d901b814e7d9e746e22fb2adb660d376fa6fcce6d5550016b
Opcode Fuzzy Hash: cb8a1025cda8873f7280dfa6a5be854464aa302832f6942c04f4d6b22f48227e
Instruction Fuzzy Hash: 36C11AB1E917458AD710CF65E8883993BB1BB843ACF91CB08D1622FAD1D7B4186ECF44

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: NanoCore

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

AV Detection

E-Banking Fraud

Stealing of Sensitive Information

Remote Access Functionality

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.log

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Windows Analysis Report
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Function 013BE2A1 Relevance: 6.1, APIs: 4, Instructions: 130
threadCOMMON

Function 013BE2B0 Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Function 013BBFB8 Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Function 053B2A78 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Function 013B5364 Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Function 053B0824 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Function 013B3E08 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 013BE8D8 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Function 013BE8E0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 013BC429 Relevance: 1.6, APIs: 1, Instructions: 56
libraryCOMMON

Function 013BB340 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 013BC1A8 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Function 053B2CB9 Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Function 053B2CC0 Relevance: 1.5, APIs: 1, Instructions: 44
COMMON