Windows Analysis Report
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe

Overview

General Information

Sample Name:Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
Analysis ID:625814
MD5:717fc8318eb370b1e8ae630af9fe431d
SHA1:842ee97ed218857603188de6831afcc9919addd6
SHA256:6035a6b2488b6c073d4b1cda9c9879e207b73e94c3551624667e59cc8719dd01
Tags:exe, NanoCore
Infos:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Yara detected AntiVM3
Detected Nanocore Rat
Antivirus detection for URL or domain
Yara detected Nanocore RAT
Snort IDS alert for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
.NET source code contains method to dynamically call methods (often used by packers)
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses dynamic DNS services
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Creates processes with suspicious names
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • cleanup
{"Version": "1.2.2.0", "Mutex": "fe56abb4-cb76-44f1-89b4-7bb11730", "Group": "Default", "Domain1": "deranano2.ddns.net", "Port": 1187, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
SourceRuleDescriptionAuthorStrings
00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfcf5:$a: NanoCore
    • 0xfd05:$a: NanoCore
    • 0xff39:$a: NanoCore
    • 0xff4d:$a: NanoCore
    • 0xff8d:$a: NanoCore
    • 0xfd54:$b: ClientPlugin
    • 0xff56:$b: ClientPlugin
    • 0xff96:$b: ClientPlugin
    • 0xfe7b:$c: ProjectData
    • 0x10882:$d: DESCrypto
    • 0x1824e:$e: KeepAlive
    • 0x1623c:$g: LogClientMessage
    • 0x12437:$i: get_Connected
    • 0x10bb8:$j: #=q
    • 0x10be8:$j: #=q
    • 0x10c04:$j: #=q
    • 0x10c34:$j: #=q
    • 0x10c50:$j: #=q
    • 0x10c6c:$j: #=q
    • 0x10c9c:$j: #=q
    • 0x10cb8:$j: #=q
    00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      SourceRuleDescriptionAuthorStrings
      0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0xe38d:$x1: NanoCore.ClientPluginHost
      • 0xe3ca:$x2: IClientNetworkHost
      • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xe105:$x1: NanoCore Client.exe
      • 0xe38d:$x2: NanoCore.ClientPluginHost
      • 0xf9c6:$s1: PluginCommand
      • 0xf9ba:$s2: FileCommand
      • 0x1086b:$s3: PipeExists
      • 0x16622:$s4: PipeCreated
      • 0xe3b7:$s5: IClientLoggingHost
      0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpackMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
        • 0xe0f5:$x1: NanoCore Client
        • 0xe105:$x1: NanoCore Client
        • 0xe34d:$x2: NanoCore.ClientPlugin
        • 0xe38d:$x3: NanoCore.ClientPluginHost
        • 0xe342:$i1: IClientApp
        • 0xe363:$i2: IClientData
        • 0xe36f:$i3: IClientNetwork
        • 0xe37e:$i4: IClientAppHost
        • 0xe3a7:$i5: IClientDataHost
        • 0xe3b7:$i6: IClientLoggingHost
        • 0xe3ca:$i7: IClientNetworkHost
        • 0xe3dd:$i8: IClientUIHost
        • 0xe3eb:$i9: IClientNameObjectCollection
        • 0xe407:$i10: IClientReadOnlyNameObjectCollection
        • 0xe154:$s1: ClientPlugin
        • 0xe356:$s1: ClientPlugin
        • 0xe84a:$s2: EndPoint
        • 0xe853:$s3: IPAddress
        • 0xe85d:$s4: IPEndPoint
        • 0x10293:$s6: get_ClientSettings
        • 0x10837:$s7: get_Connected
        0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpackNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0xe0f5:$a: NanoCore
        • 0xe105:$a: NanoCore
        • 0xe339:$a: NanoCore
        • 0xe34d:$a: NanoCore
        • 0xe38d:$a: NanoCore
        • 0xe154:$b: ClientPlugin
        • 0xe356:$b: ClientPlugin
        • 0xe396:$b: ClientPlugin
        • 0xe27b:$c: ProjectData
        • 0xec82:$d: DESCrypto
        • 0x1664e:$e: KeepAlive
        • 0x1463c:$g: LogClientMessage
        • 0x10837:$i: get_Connected
        • 0xefb8:$j: #=q
        • 0xefe8:$j: #=q
        • 0xf004:$j: #=q
        • 0xf034:$j: #=q
        • 0xf050:$j: #=q
        • 0xf06c:$j: #=q
        • 0xf09c:$j: #=q
        • 0xf0b8:$j: #=q

        AV Detection

        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, ProcessId: 6648, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat


        AV Detection

        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpackMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "fe56abb4-cb76-44f1-89b4-7bb11730", "Group": "Default", "Domain1": "deranano2.ddns.net", "Port": 1187, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeVirustotal: Detection: 37%
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeReversingLabs: Detection: 43%
        Source: deranano2.ddns.netAvira URL Cloud: Label: malware
        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeJoe Sandbox ML: detected
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

        Networking

        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49742 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49742 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49743 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 212.193.30.204:1187 -> 192.168.2.3:49743
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49746 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49746 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49753 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49753 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49754 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 212.193.30.204:1187 -> 192.168.2.3:49754
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49754 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49757 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49757 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49758 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49758 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49758 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49768 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49768 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49801 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49801 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49815 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49815 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49821 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49821 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49823 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49823 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49833 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49833 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49848 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49848 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49852 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49852 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49853 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49853 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49853 -> 212.193.30.204:1187
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49854 -> 212.193.30.204:1187
        Source: Malware configuration extractorURLs: deranano2.ddns.net
        Source: unknownDNS query: name: deranano2.ddns.net
        Source: Joe Sandbox ViewASN Name: SPD-NETTR SPD-NETTR
        Source: Joe Sandbox ViewIP Address: 212.193.30.204 212.193.30.204
        Source: global trafficTCP traffic: 192.168.2.3:49742 -> 212.193.30.204:1187
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255061936.0000000005E08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255166513.0000000005E07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn=
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255166513.0000000005E07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn?
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.264426212.0000000005E30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/n
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/&N
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/)N
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/CN
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/JN
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/gN
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/;N
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/nN7
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/qN
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit 
Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252501913.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com=
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit 
Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253293625.0000000005E1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.come
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit 
Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253293625.0000000005E1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comiv;b
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit 
Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252501913.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comt
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: unknown DNS traffic detected: queries for: deranano2.ddns.net

        E-Banking Fraud

        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR

        System Summary

        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeCode function: 0_2_053B1308
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeCode function: 0_2_053B1302
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000000.249181724.0000000000A9A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.292518005.0000000007700000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000004.00000000.277265474.00000000000DA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000005.00000000.283423330.0000000000F4A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeBinary or memory string: OriginalFilenameObjectHolderL.exe8 vs Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeVirustotal: Detection: 37%
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeReversingLabs: Detection: 43%
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeFile read: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe "C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe"
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeProcess created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeProcess created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeProcess created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeProcess created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.log
        Source: classification engineClassification label: mal100.troj.evad.winEXE@5/5@17/2
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeMutant created: \Sessions\1\BaseNamedObjects\Global\{fe56abb4-cb76-44f1-89b4-7bb11730ab9d}
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

        Data Obfuscation

        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 0.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.a10000.0.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.a10000.0.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.2.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.1.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.3.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 4.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.0.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 4.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.50000.0.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.2.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.5.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.0.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.7.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.9.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.3.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.13.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.ec0000.11.unpack, Main.cs.Net Code: LateBinding.LateCall(V_0, null, "Invoke", new object[] { null, new object[] { "49456E756D556E6B6E", "6642354E56715A62", "TexasHoldem" } }, null, null)
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Code function: 0_2_053B0006 push edx; retf 0002h
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Code function: 0_2_053B6D70 pushfd ; retf
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Code function: 0_2_053B6DB4 pushfd ; retf
        Source: initial sample Static PE information: section name: .text entropy: 7.91713576226
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe File created: \circular pssb parts disc credit term (dlr) may12 2022 (1).exe

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe File opened: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe:Zone.Identifier read attributes | delete
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: Yara match File source: 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe TID: 6320 Thread sleep time: -45733s >= -30000s
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe TID: 6336 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe TID: 6812 Thread sleep time: -15679732462653109s >= -30000s
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Thread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Window / User API: threadDelayed 5856
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Window / User API: threadDelayed 3169
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Window / User API: foregroundWindowGot 770
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Window / User API: foregroundWindowGot 845
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Thread delayed: delay time: 45733
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Memory allocated: page read and write | page guard
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Process created: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

        Stealing of Sensitive Information

        Source: Yara match, File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40f52c0.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40a4ec0.8.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 0.2.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.40706a0.7.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6316, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe PID: 6648, type: MEMORYSTR

        Remote Access Functionality

        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: NanoCore.ClientPluginHost
        Source: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, String found in binary or memory: NanoCore.ClientPluginHost

        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
        Execution: [1] Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
        Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
        Privilege Escalation: [11] Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
        Defense Evasion: [1] Masquerading; [1] Disable or Modify Tools; [21] Virtualization/Sandbox Evasion; [11] Process Injection; [1] Deobfuscate/Decode Files or Information; [1] Hidden Files and Directories; [2] Obfuscated Files or Information; [23] Software Packing
        Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
        Discovery: [111] Security Software Discovery; [1] Process Discovery; [21] Virtualization/Sandbox Evasion; [1] Application Window Discovery; [12] System Information Discovery; System Owner/User Discovery; Network Sniffing; Network Service Scanning
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
        Collection: [11] Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
        Command and Control: [1] Encrypted Channel; [1] Non-Standard Port; [1] Remote Access Software; [1] Non-Application Layer Protocol; [21] Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
        Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
        Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
        Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue

        Source | Detection | Scanner | Label
        Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | 38% | Virustotal |
        Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | 44% | ReversingLabs | ByteCode-MSIL.Trojan.FormBook
        Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | 100% | Joe Sandbox ML |

        No Antivirus matches

        Source | Detection | Scanner | Label
        5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.12.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.6.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.8.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.10.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        5.0.Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.400000.4.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7

        Source | Detection | Scanner | Label
        deranano2.ddns.net | 4% | Virustotal |

        Source | Detection | Scanner | Label
        deranano2.ddns.net | 100% | Avira URL Cloud | malware

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        deranano2.ddns.net | 212.193.30.204 | true | true | | unknown

        Name | Malicious | Antivirus Detection | Reputation
        | true | Avira URL Cloud: safe | low
        deranano2.ddns.net | true | Avira URL Cloud: malware | unknown

        Name | Source | Malicious | Antivirus Detection | Reputation
                        high
                        http://www.jiyu-kobo.co.jp/)NCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.fontbureau.comFCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        http://www.fontbureau.comnN7Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.sajatypeworks.comtCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254274458.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255379018.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253520475.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253049894.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256782451.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253950954.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253752654.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256189334.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256383761.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252570710.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255631178.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.256829217.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 
00000000.00000003.256297123.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254074228.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255734900.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.254016281.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252501913.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253223324.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255015275.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252817530.0000000005E1B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.253605803.0000000005E1B000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        http://www.jiyu-kobo.co.jp/jp/Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        http://en.wCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.252732703.0000000005E06000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        http://www.carterandcone.comlCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        http://www.fontbureau.comFgNCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.fontbureau.com/designers/cabarga.htmlNCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpfalse
                          high
                          http://www.founder.com.cn/cnCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.255061936.0000000005E08000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          http://www.fontbureau.com/designers/frere-jones.htmlCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpfalse
                            high
                            http://www.jiyu-kobo.co.jp/nN7Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.jiyu-kobo.co.jp/Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            unknown
                            http://www.fontbureau.comoCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262012669.0000000005E07000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.268407700.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.262424109.0000000005E08000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            unknown
                            http://www.fontbureau.com/designers8Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000002.291332241.0000000007102000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              http://www.jiyu-kobo.co.jp/JNCircular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257663249.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, 00000000.00000003.257825537.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              IP:212.193.30.204
                              Domain:deranano2.ddns.net
                              Country:Russian Federation
                              ASN:57844
                              ASN Name:SPD-NETTR
                              Malicious:true
                              IP
                              192.168.2.1
                              Joe Sandbox Version:34.0.0 Boulder Opal
                              Analysis ID:625814
                              Start date and time:2022-05-13 08:06:10 +02:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 10m 18s
                              Hypervisor based Inspection enabled:false
                              Report type:light
                              Sample file name:Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                              Number of analysed new started processes analysed:29
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@5/5@17/2
                              EGA Information:
                              • Successful, ratio: 50%
                              HDC Information:
                              • Successful, ratio: 0.1% (good quality ratio 0.1%)
                              • Quality average: 62%
                              • Quality standard deviation: 8.5%
                              HCA Information:
                              • Successful, ratio: 99%
                              • Number of executed functions: 0
                              • Number of non-executed functions: 0
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Adjust boot time
                              • Enable AMSI
                              • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                              • TCP Packets have been reduced to 100
                              • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                              • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                              • Execution Graph export aborted for target Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe, PID 6632 because there are no executed function
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              Time:08:07:24
                              Type:API Interceptor
                              Description:880x Sleep call for process: Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe modified
                              Process:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1308
                              Entropy (8bit):5.345811588615766
                              Encrypted:false
                              SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4FsXE8:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHJ
                              MD5:EA78C102145ED608EF0E407B978AF339
                              SHA1:66C9179ED9675B9271A97AB1FC878077E09AB731
                              SHA-256:8BF01E0C445BD07C0B4EDC7199B7E17DAF1CA55CA52D4A6EAC4EF211C2B1A73E
                              SHA-512:8C04139A1FC3C3BDACB680EC443615A43EB18E73B5A0CFCA644CB4A5E71746B275B3E238DD1A5A205405313E457BB75F9BBB93277C67AFA5D78DCFA30E5DA02B
                              Malicious:true
                              Reputation:moderate, very likely benign file
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                              Process:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              File Type:data
                              Category:dropped
                              Size (bytes):232
                              Entropy (8bit):7.024371743172393
                              Encrypted:false
                              SSDEEP:6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9
                              MD5:32D0AAE13696FF7F8AF33B2D22451028
                              SHA1:EF80C4E0DB2AE8EF288027C9D3518E6950B583A4
                              SHA-256:5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29
                              SHA-512:1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Process:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              File Type:Non-ISO extended-ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):8
                              Entropy (8bit):3.0
                              Encrypted:false
                              SSDEEP:3:LNln:LNl
                              MD5:56ADDD7A30A64177C4CC87D0A61A3AEE
                              SHA1:B857C6B80C8CC5D8FB92257F99398297103C6745
                              SHA-256:2F0841CD881476437CBC932BBA028152B03666132DF48410C7DE4FAA183389F6
                              SHA-512:A0A3CC6798AB662BBF2146ECD0653505BBF414F487C2AC37EAD1BB5CB68727A4FA0F8EEBA7BB000ECD788CED641C65DAD08AFBC13FE6270ABD1405CEDE84B918
                              Malicious:true
                              Reputation:low
                              Process:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              File Type:data
                              Category:dropped
                              Size (bytes):40
                              Entropy (8bit):5.153055907333276
                              Encrypted:false
                              SSDEEP:3:9bzY6oRDT6P2bfVn1:RzWDT621
                              MD5:4E5E92E2369688041CC82EF9650EDED2
                              SHA1:15E44F2F3194EE232B44E9684163B6F66472C862
                              SHA-256:F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
                              SHA-512:1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Process:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              File Type:data
                              Category:dropped
                              Size (bytes):327432
                              Entropy (8bit):7.99938831605763
                              Encrypted:true
                              SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
                              MD5:7E8F4A764B981D5B82D1CC49D341E9C6
                              SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
                              SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
                              SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):7.908482488052613
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                              • Win32 Executable (generic) a (10002005/4) 49.78%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              • DOS Executable Generic (2002/1) 0.01%
                              File name:Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              File size:555520
                              MD5:717fc8318eb370b1e8ae630af9fe431d
                              SHA1:842ee97ed218857603188de6831afcc9919addd6
                              SHA256:6035a6b2488b6c073d4b1cda9c9879e207b73e94c3551624667e59cc8719dd01
                              SHA512:bcfcf0b516ada1d2d1eb7c4e50b99b060bfa1f3fa7e14e36541fb1106242afc2c6ea2921dc11992d0c5c00fc66cbe7600cd07d64f94cbaebc52e70d1a0c091f0
                              SSDEEP:12288:Pp/rlgHiwwUkLzPOca+3Jr/m/O4EBSMF5puoyOkWKZWhJlQ:5p8ErNt/Wcu+kWtHlQ
                              TLSH:46C4121B22A82BB2D1BA6BF920F2305603F2A5371523FF9D4DD930DA6D55B580710F2B
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....}b..............0..p............... ........@.. ....................................@................................
                              Icon Hash:00828e8e8686b000
                              Entrypoint:0x488e0e
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                              Time Stamp:0x627D08B8 [Thu May 12 13:16:40 2022 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:v4.0.30319
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                              Instruction
                              jmp dword ptr [00402000h]
                              add byte ptr [eax], al
                              Name                                  Virtual Address  Virtual Size  Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT          0x88dbc          0x4f          .text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE        0x8a000          0x5c4         .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC       0x8c000          0xc           .reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                              IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x20000x86e140x87000False0.930960648148data7.91713576226IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                              .rsrc0x8a0000x5c40x600False0.42578125data4.13420959753IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0x8c0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                              NameRVASizeTypeLanguageCountry
                              RT_VERSION0x8a0900x334data
                              RT_MANIFEST0x8a3d40x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                              DLLImport
                              mscoree.dll_CorExeMain
                              DescriptionData
                              Translation0x0000 0x04b0
                              LegalCopyrightCopyright 2017
                              Assembly Version1.0.0.0
                              InternalNameObjectHolderL.exe
                              FileVersion1.0.0.0
                              CompanyName
                              LegalTrademarks
                              Comments
                              ProductNameTexasHoldem
                              ProductVersion1.0.0.0
                              FileDescriptionTexasHoldem
                              OriginalFilenameObjectHolderL.exe

                              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                              05/13/22-08:08:00.468391 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49754 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:21.317521 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49854 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:29.760918 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49801 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:42.572616 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49821 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:41.912295 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 1187 | 49743 | 212.193.30.204 | 192.168.2.3
                              05/13/22-08:08:08.371746 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49757 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:01.239966 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 1187 | 49754 | 212.193.30.204 | 192.168.2.3
                              05/13/22-08:08:50.618349 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49823 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:36.524732 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49742 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:10.204690 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49852 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:48.002664 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49746 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:17.137563 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49758 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:24.638697 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49768 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:16.220396 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49853 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:48.802408 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49823 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:47.181678 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49746 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:35.302011 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49742 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:09.270895 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49852 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:30.710594 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49801 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:10.114903 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49757 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:55.683074 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49833 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:02.678142 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49754 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:15.326471 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49853 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:43.505269 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49821 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:04.076097 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49848 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:41.882179 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49743 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:36.858197 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49815 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:16.220396 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49853 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:55.099091 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49753 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:07:53.749457 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49753 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:23.663433 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49768 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:56.775852 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49833 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:15.665656 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49758 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:16.194877 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49758 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:08:36.042332 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49815 | 1187 | 192.168.2.3 | 212.193.30.204
                              05/13/22-08:09:02.275060 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49848 | 1187 | 192.168.2.3 | 212.193.30.204

                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                              May 13, 2022 08:07:35.158261061 CEST | 192.168.2.3 | 8.8.8.8 | 0x845a | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:07:41.831705093 CEST | 192.168.2.3 | 8.8.8.8 | 0xff8a | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:07:47.056458950 CEST | 192.168.2.3 | 8.8.8.8 | 0xac45 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:07:53.702831984 CEST | 192.168.2.3 | 8.8.8.8 | 0x78a3 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:00.358644009 CEST | 192.168.2.3 | 8.8.8.8 | 0x5137 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:08.322488070 CEST | 192.168.2.3 | 8.8.8.8 | 0xf172 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:15.610367060 CEST | 192.168.2.3 | 8.8.8.8 | 0x9690 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:23.610284090 CEST | 192.168.2.3 | 8.8.8.8 | 0x5d87 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:29.710989952 CEST | 192.168.2.3 | 8.8.8.8 | 0x302 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:35.992012024 CEST | 192.168.2.3 | 8.8.8.8 | 0x21ab | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:42.522573948 CEST | 192.168.2.3 | 8.8.8.8 | 0x792 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:48.737997055 CEST | 192.168.2.3 | 8.8.8.8 | 0x5d0d | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:55.632879972 CEST | 192.168.2.3 | 8.8.8.8 | 0xde0 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:02.216834068 CEST | 192.168.2.3 | 8.8.8.8 | 0x1c63 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:09.219763041 CEST | 192.168.2.3 | 8.8.8.8 | 0x700 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:15.269599915 CEST | 192.168.2.3 | 8.8.8.8 | 0x45e2 | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:21.268994093 CEST | 192.168.2.3 | 8.8.8.8 | 0xaedd | Standard query (0) | deranano2.ddns.net | A (IP address) | IN (0x0001)

                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                              May 13, 2022 08:07:35.179594040 CEST | 8.8.8.8 | 192.168.2.3 | 0x845a | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:07:41.849618912 CEST | 8.8.8.8 | 192.168.2.3 | 0xff8a | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:07:47.077611923 CEST | 8.8.8.8 | 192.168.2.3 | 0xac45 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:07:53.720316887 CEST | 8.8.8.8 | 192.168.2.3 | 0x78a3 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:00.378106117 CEST | 8.8.8.8 | 192.168.2.3 | 0x5137 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:08.341821909 CEST | 8.8.8.8 | 192.168.2.3 | 0xf172 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:15.630654097 CEST | 8.8.8.8 | 192.168.2.3 | 0x9690 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:23.629914999 CEST | 8.8.8.8 | 192.168.2.3 | 0x5d87 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:29.730588913 CEST | 8.8.8.8 | 192.168.2.3 | 0x302 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:36.011658907 CEST | 8.8.8.8 | 192.168.2.3 | 0x21ab | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:42.542064905 CEST | 8.8.8.8 | 192.168.2.3 | 0x792 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:48.757751942 CEST | 8.8.8.8 | 192.168.2.3 | 0x5d0d | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:08:55.652250051 CEST | 8.8.8.8 | 192.168.2.3 | 0xde0 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:02.237754107 CEST | 8.8.8.8 | 192.168.2.3 | 0x1c63 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:09.241046906 CEST | 8.8.8.8 | 192.168.2.3 | 0x700 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:15.292433977 CEST | 8.8.8.8 | 192.168.2.3 | 0x45e2 | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)
                              May 13, 2022 08:09:21.288356066 CEST | 8.8.8.8 | 192.168.2.3 | 0xaedd | No error (0) | deranano2.ddns.net | | 212.193.30.204 | A (IP address) | IN (0x0001)

                              Target ID:0
                              Start time:08:07:13
                              Start date:13/05/2022
                              Path:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe"
                              Imagebase:0xa10000
                              File size:555520 bytes
                              MD5 hash:717FC8318EB370B1E8AE630AF9FE431D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.287715667.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.287825585.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.289011583.0000000003FCC000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Reputation:low

                              Target ID:4
                              Start time:08:07:26
                              Start date:13/05/2022
                              Path:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              Wow64 process (32bit):false
                              Commandline:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              Imagebase:0x50000
                              File size:555520 bytes
                              MD5 hash:717FC8318EB370B1E8AE630AF9FE431D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Target ID:5
                              Start time:08:07:28
                              Start date:13/05/2022
                              Path:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe
                              Imagebase:0xec0000
                              File size:555520 bytes
                              MD5 hash:717FC8318EB370B1E8AE630AF9FE431D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000005.00000000.283132677.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000005.00000000.282158079.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000005.00000000.282584225.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000005.00000000.283785839.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Reputation:low

                              No disassembly