Windows Analysis Report
PO-10212024168877 PNG2023-W101.exe

Overview

General Information

Sample name: PO-10212024168877 PNG2023-W101.exe
Analysis ID: 1544856
MD5: e7504a48d78545ef459890b5c36b6b17
SHA1: 7dd9b7b12c2a58f83235edd771801bae8b94b6f3
SHA256: 7d0590445da76f1149aefce04bc517b15b330871cd3bd8c196a032e28588ee9e
Tags: exeuser-threatcat_ch

Detection

GuLoader
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Machine Learning detection for sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: PO-10212024168877 PNG2023-W101.exe ReversingLabs: Detection: 52%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: PO-10212024168877 PNG2023-W101.exe Joe Sandbox ML: detected
Source: PO-10212024168877 PNG2023-W101.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49976 version: TLS 1.2
Source: PO-10212024168877 PNG2023-W101.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_00406010 FindFirstFileA,FindClose, 0_2_00406010
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004055AE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_00402688 FindFirstFileA, 0_2_00402688
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49979 -> 62.215.181.250:443
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
    Host: designcirclekw.com
    Cache-Control: no-cache
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: designcirclekw.com
Source: PO-10212024168877 PNG2023-W101.exe, PO-10212024168877 PNG2023-W101.exe, 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000000.00000000.1445303761.0000000000409000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: PO-10212024168877 PNG2023-W101.exe, 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000000.00000000.1445303761.0000000000409000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.0000000000649000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.00000000005F2000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.00000000005F2000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070130873.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3028767017.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2970031415.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2890472384.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3372975726.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353408541.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288676137.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3309422923.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2871405171.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2852037864.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3394670154.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070453625.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353408541.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288676137.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3309422923.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353581442.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328739652.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288465328.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328883453.00000000075DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/$
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249913342.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249753104.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2950356283.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2950463769.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/4
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.0000000007568000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/F
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3008954123.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328808939.00000000075B8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2989432317.00000000075DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bin
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2832627511.00000000075DA000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2832535674.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2813443365.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2890472384.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2871405171.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2852037864.00000000075D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bin)
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3372975726.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3394670154.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328739652.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328883453.00000000075DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bin5
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2871405171.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2852037864.00000000075D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.binQ
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.binTf
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249913342.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249753104.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3028767017.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2970031415.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3009043227.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288676137.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3309422923.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288465328.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3008954123.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2989432317.00000000075DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bind
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142803072.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070130873.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3028767017.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3009043227.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070453625.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3100164919.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3008954123.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2989432317.00000000075DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.binlIa
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3372975726.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353408541.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3394670154.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353581442.00000000075DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/dmin/controller/extension/extension/zXcMABFvBCAfEn173.binBFvBCAfEn173.bin
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/l
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142803072.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3122796477.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328739652.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3100164919.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328883453.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/ler/extension/extension/zXcMABFvBCAfEn173.bin
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142803072.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/t
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.0000000007568000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://designcirclekw.com/v
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.0000000000649000.00000008.00000001.01000000.00000006.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49976 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49977 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49983 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49984 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49985 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49987 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49990 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49995 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49996 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:49997 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:50008 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:50009 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:50010 version: TLS 1.2
Source: unknown HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8:50027 version: TLS 1.2
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_00405063 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405063
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004030EC
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_004048A2 0_2_004048A2
Source: PO-10212024168877 PNG2023-W101.exe Static PE information: invalid certificate
Source: PO-10212024168877 PNG2023-W101.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal72.troj.evad.winEXE@3/11@1/1
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004030EC
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_0040432F GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_0040432F
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar, 0_2_0040205E
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe File created: C:\Users\user\AppData\Local\demarkerede Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe File created: C:\Users\user\AppData\Local\Temp\nsp7D8F.tmp Jump to behavior
Source: PO-10212024168877 PNG2023-W101.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: PO-10212024168877 PNG2023-W101.exe ReversingLabs: Detection: 52%
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe File read: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe" Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: PO-10212024168877 PNG2023-W101.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
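The two "Static PE information" records for this sample are decoded from two header words: the COFF Characteristics field (RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE) and the optional header's DllCharacteristics field (DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE). The combination worth noticing is RELOCS_STRIPPED together with DYNAMIC_BASE: the loader can only rebase an image that carries a relocation table, so the ASLR request is ineffective and the image loads at its preferred base, which is consistent with every code-function address in this report sitting in the 0x0040xxxx range. The decoder below is an added example, not part of the report or of any sandbox tooling; it parses the raw headers without third-party modules and ships with a constructed, headers-only PE32 blob that carries exactly the flag values listed for the sample (the 0x00400000 image base is an assumption taken from those addresses, and the entry RVA 0x30EC is derived from the 0_2_004030EC EntryPoint record).

```python
import struct
import sys

# IMAGE_FILE_HEADER.Characteristics bits (PE/COFF spec), named as the report prints them
FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED",
    0x2000: "DLL",
}

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_flags(data: bytes) -> dict:
    """Decode the two flag words behind a sandbox's 'Static PE information' lines."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    if magic == 0x10B:    # PE32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at optional-header offset 70 in both PE32 and PE32+
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    file_flags = _names(characteristics, FILE_CHARACTERISTICS)
    dll_flags = _names(dll_chars, DLL_CHARACTERISTICS)
    return {
        "machine": machine,
        "characteristics": file_flags,
        "dll_characteristics": dll_flags,
        "image_base": image_base,
        "entry_point": image_base + entry_rva,
        # The loader can only rebase an image that carries relocations, so
        # DYNAMIC_BASE together with RELOCS_STRIPPED leaves the image at its
        # preferred base: ASLR is requested but cannot take effect.
        "aslr_effective": "DYNAMIC_BASE" in dll_flags and "RELOCS_STRIPPED" not in file_flags,
    }


def build_sample_header() -> bytes:
    """Constructed (not extracted) PE32 header carrying the flag values the report
    lists for the sample. Headers only, no sections: it is not a loadable file."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    characteristics = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)  # Machine = i386
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x30EC)          # AddressOfEntryPoint = 0x004030EC - 0x00400000
    struct.pack_into("<I", opt, 28, 0x00400000)      # ImageBase (assumed from the 0x0040xxxx addresses)
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x0400 | 0x8000)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, val in parse_pe_flags(blob).items():
        print("%-20s %s" % (key, val if isinstance(val, (bool, list)) else hex(val)))
```

Run it with a file path to decode a real sample, or with no arguments to decode the constructed header; on the constructed header `aslr_effective` comes out False, which is the practical meaning of the two flag records when read together.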

Data Obfuscation

Source: Yara match File source: 00000006.00000002.3906224944.0000000003648000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2614036861.0000000006688000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_10002D20 push eax; ret 0_2_10002D4E
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe File created: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe API/Special instruction interceptor: Address: 7056CCE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe API/Special instruction interceptor: Address: 4016CCE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe RDTSC instruction interceptor: First address: 6FFA451 second address: 6FFA451 instructions:
  0x00000000 rdtsc
  0x00000002 test cx, dx
  0x00000005 cmp ebx, ecx
  0x00000007 jc 00007F2D3524E3E3h
  0x00000009 test dh, ch
  0x0000000b test ebx, eax
  0x0000000d inc ebp
  0x0000000e inc ebx
  0x0000000f rdtsc
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe RDTSC instruction interceptor: First address: 3FBA451 second address: 3FBA451 instructions:
  0x00000000 rdtsc
  0x00000002 test cx, dx
  0x00000005 cmp ebx, ecx
  0x00000007 jc 00007F2D34BE3023h
  0x00000009 test dh, ch
  0x0000000b test ebx, eax
  0x0000000d inc ebp
  0x0000000e inc ebx
  0x0000000f rdtsc
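Both interceptor records show the same nine-instruction sequence at addresses 0x3040000 apart (the API/Special instruction interceptor addresses above differ by the same amount), which is what one code blob mapped in two of the sample's processes looks like. The shape is the classic timing check behind the "Tries to detect virtualization through RDTSC time measurements" signature: two rdtsc reads a few cheap instructions apart, with a cmp/jc between them that decides whether the measured delta is too large for bare metal. Under a hypervisor that traps rdtsc, or a sandbox that single-steps or instruments the instruction, the delta is inflated and the loader takes the evasion branch. The jump target the report prints cannot be an address inside a 32-bit process, so it is the instrumentation's relocated copy rather than the sample's own displacement. The scanner below is an added example, not the sandbox's signature logic and not code from the sample; it is a byte heuristic an analyst can run over a dumped memory region to find candidate checks, and it embeds a constructed encoding of the listed sequence whose jc displacement is an assumed value (the report does not give it) and whose other instructions are one of several same-length encodings.

```python
import sys

RDTSC = b"\x0f\x31"            # opcode of RDTSC
JCC_SHORT = range(0x70, 0x80)  # Jcc rel8 opcodes; 0x72 is jc/jb


def find_rdtsc_pairs(buf: bytes, window: int = 32):
    """Locate pairs of RDTSC opcodes at most `window` bytes apart.

    Returns (first_offset, second_offset, has_branch); has_branch is True when a
    byte in the Jcc-rel8 range sits between the two reads, i.e. the code most
    likely compares the measured delta against a threshold and branches on it.
    This is a byte heuristic, not a disassembler: 0F 31 can also occur inside an
    operand or immediate, and the branch test can hit an operand byte, so hits
    are leads to inspect, not verdicts."""
    positions = []
    start = 0
    while True:
        i = buf.find(RDTSC, start)
        if i < 0:
            break
        positions.append(i)
        start = i + 1
    hits = []
    for first, second in zip(positions, positions[1:]):
        if second - first <= window:
            between = buf[first + 2:second]
            has_branch = any(op in JCC_SHORT for op in between)
            hits.append((first, second, has_branch))
    return hits


def sample_loop_bytes(jc_rel8: int = 0xF0) -> bytes:
    """Constructed encoding of the nine instructions the interceptor records list.
    The rel8 displacement of the jc is not recoverable from the report, so it is
    an assumed value; the offsets match the report's listing exactly."""
    return bytes([
        0x0F, 0x31,        # 0x00 rdtsc
        0x66, 0x85, 0xD1,  # 0x02 test cx, dx
        0x39, 0xCB,        # 0x05 cmp ebx, ecx
        0x72, jc_rel8,     # 0x07 jc rel8
        0x84, 0xEE,        # 0x09 test dh, ch
        0x85, 0xC3,        # 0x0b test ebx, eax
        0x45,              # 0x0d inc ebp
        0x43,              # 0x0e inc ebx
        0x0F, 0x31,        # 0x0f rdtsc
    ])


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # e.g. a memory region dumped from the sandbox
        blob = open(sys.argv[1], "rb").read()
    else:                                      # constructed: the sequence embedded in filler bytes
        blob = b"\x90" * 8 + sample_loop_bytes() + b"\xcc" * 8
    for first, second, branch in find_rdtsc_pairs(blob):
        print("rdtsc pair at 0x%x / 0x%x, %d bytes apart, branch in between: %s"
              % (first, second, second - first, branch))
```

Keep the window small (the report's pair is 15 bytes apart) to limit false positives; a hit with `has_branch` set and a small distance is the pattern to take to a disassembler, where the threshold compared by the cmp is what tells you how much timing noise the loader tolerates.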
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe TID: 6768 Thread sleep count: 55 > 30 Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe TID: 6768 Thread sleep time: -550000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_00406010 FindFirstFileA,FindClose, 0_2_00406010
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004055AE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_00402688 FindFirstFileA, 0_2_00402688
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181486135.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3122910329.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269183422.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220490283.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201099129.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3373052656.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.0000000007568000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3102891267.00000000075CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe" Jump to behavior
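The "Process created" records show the sample launching a second copy of its own image with a command line identical to its own, and the overview flags that child as created in suspended mode; together with the Yara matches in two separate process memory dumps, that is the usual GuLoader pattern of a staging process that hands off to an injected copy. The check below is an added detection example, not part of the report or of any product's rule set: it runs over process-creation telemetry (the fields Sysmon Event ID 1 or EDR process-start events carry) and flags a child whose image and command line equal its parent's. The events are constructed for the example; the sample's image path and command line are taken from the report, while the PIDs and the explorer.exe and chrome.exe entries are invented to show the benign multi-process case the rule must not fire on.

```python
from dataclasses import dataclass


@dataclass
class ProcessCreate:
    """One process-creation event (pid, parent pid, image path, command line)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def _norm_cmd(cmd: str) -> str:
    return " ".join(cmd.strip().split()).lower()


def find_self_spawns(events, allow_extra_args: bool = False):
    """Return (parent_pid, child_pid, image) for every child whose image is the
    same file as its parent's. By default the child's command line must also
    match the parent's exactly, which is what the report shows and what keeps
    legitimate multi-process programs (browser renderers spawned with extra
    --type=... arguments, for example) out of the result."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None or parent.pid == child.pid:
            continue
        if parent.image.lower() != child.image.lower():
            continue
        if not allow_extra_args and _norm_cmd(parent.cmdline) != _norm_cmd(child.cmdline):
            continue
        hits.append((parent.pid, child.pid, child.image))
    return hits


SAMPLE_IMAGE = r"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
CHROME_IMAGE = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed events: PIDs and the explorer/chrome entries are invented for the
# example; the sample's image path and command line are the report's.
SAMPLE_EVENTS = [
    ProcessCreate(4000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessCreate(6000, 4000, SAMPLE_IMAGE, '"%s"' % SAMPLE_IMAGE),
    ProcessCreate(6100, 6000, SAMPLE_IMAGE, '"%s"' % SAMPLE_IMAGE),
    ProcessCreate(5000, 4000, CHROME_IMAGE, '"chrome.exe"'),
    ProcessCreate(5001, 5000, CHROME_IMAGE, '"chrome.exe" --type=renderer'),
]


if __name__ == "__main__":
    for ppid, pid, image in find_self_spawns(SAMPLE_EVENTS):
        print("self-spawn: %d -> %d  %s" % (ppid, pid, image))
```

A same-image, same-command-line child is a lead rather than proof of injection on its own; where the telemetry exposes the creation flags, requiring CREATE_SUSPENDED on the child, or a following WriteProcessMemory/SetThreadContext against it, turns this into a rule precise enough to alert on.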
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe Code function: 0_2_00405D2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, 0_2_00405D2E