

Analysis Report Neft.doc.exe

Overview

General Information

Sample Name: Neft.doc.exe
MD5: 40e0d42ef3f741db6fd95f7348592022
SHA1: 0aea861db73793e2b49769595bfedd8b044d1404
SHA256: 0ab5b4ff5cf05168b0daad049ff80be8148edee8386e728505fff9a8a7c3add5


Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Sigma detected: Suspicious Double Extension
Yara detected AgentTesla
.NET source code contains potential unpacker
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses an obfuscated file name to hide its real file extension (double extension)
Uses netsh to modify the Windows network and firewall settings
AV process strings found (often used to terminate AV products)
Allocates a big amount of memory (probably used for heap spraying)
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Malware Configuration

Threatname: Agenttesla

{"Username: ": "6d6xo", "URL: ": "http://VwUKfUe9rR9qKa2dO.com", "To: ": "info@maquarie.net", "ByHost: ": "mail.privateemail.com:5878", "Password: ": "scwGPByzYwS", "From: ": "info@maquarie.net"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000004.00000002.622689515.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.543219313.0000000003D26000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000005.00000002.621876567.0000000003F17000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.541952241.0000000003A89000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000003.00000002.593689506.0000000003DF7000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
(5 of 22 entries shown)

            Unpacked PEs

Source | Rule | Description | Author
2.2.Neft.doc.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
8.2.chrome.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
4.2.chrome.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

                  Sigma Overview


                  System Summary:

Sigma detected: Capture Wi-Fi password
Source: Process started. Author: Joe Security. Data: Command: 'netsh' wlan show profile, CommandLine: 'netsh' wlan show profile, CommandLine|base64offset|contains: V, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: C:\Users\user\Desktop\Neft.doc.exe, ParentImage: C:\Users\user\Desktop\Neft.doc.exe, ParentProcessId: 948, ProcessCommandLine: 'netsh' wlan show profile, ProcessId: 4260
Sigma detected: Suspicious Double Extension
Source: Process started. Author: Florian Roth (rule), @blu3_team (idea). Data: Command: C:\Users\user\Desktop\Neft.doc.exe, CommandLine: C:\Users\user\Desktop\Neft.doc.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\Neft.doc.exe, NewProcessName: C:\Users\user\Desktop\Neft.doc.exe, OriginalFileName: C:\Users\user\Desktop\Neft.doc.exe, ParentCommandLine: 'C:\Users\user\Desktop\Neft.doc.exe' , ParentImage: C:\Users\user\Desktop\Neft.doc.exe, ParentProcessId: 4560, ProcessCommandLine: C:\Users\user\Desktop\Neft.doc.exe, ProcessId: 948
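The two Sigma matches above are both process-creation rules. The following is an added example, not Joe Security's, Florian Roth's or the Sigma project's code, of how the same logic looks when written directly against process-creation events, plus a third check the report's process tree suggests: every netsh.exe here is a child of a binary living under C:\Users\. The event fields, the ProcEvent type and the rule names are hypothetical; the first two sample events are transcribed from the Sigma data above, the other two are constructed; the decoy-extension list is an assumption and shorter than the upstream rule's.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Subset of a process-creation record (Sysmon event 1 / Security 4688)."""
    pid: int
    ppid: int
    image: str
    cmdline: str
    parent_image: str


# A user reads these as a document or picture; a real executable extension
# hidden behind one is the "double extension" trick. The list is an assumption.
DECOY_EXTS = (".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx",
              ".jpg", ".jpeg", ".png", ".gif", ".txt", ".rtf")
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

# Built-in utilities that a program under C:\Users\... rarely needs to spawn.
SYSTEM_UTILS = {"netsh.exe", "cmd.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "reg.exe", "schtasks.exe"}
USER_DIR_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def rule_double_extension(ev: ProcEvent):
    """'Neft.doc.exe': a decoy document extension directly before the real one."""
    name = _basename(ev.image)
    for real in EXEC_EXTS:
        if name.endswith(real) and name[:-len(real)].endswith(DECOY_EXTS):
            return "Suspicious Double Extension"
    return None


def rule_wifi_password_capture(ev: ProcEvent):
    """netsh wlan show profile lists saved WLAN profiles; the same command with
    key=clear prints a profile's pre-shared key. The report shows the first
    form with netsh quoted, so quotes are stripped before matching."""
    if _basename(ev.image) != "netsh.exe":
        return None
    tokens = [t.strip("'\"").lower() for t in ev.cmdline.split()]
    if tokens and _basename(tokens[0]) in ("netsh", "netsh.exe"):
        tokens = tokens[1:]
    if tokens[:3] != ["wlan", "show", "profile"]:
        return None
    if "key=clear" in tokens:
        return "Capture Wi-Fi password (cleartext key requested)"
    return "Capture Wi-Fi password (profile enumeration)"


def rule_system_utility_from_user_path(ev: ProcEvent):
    """A system utility whose parent lives in a user-writable directory: in the
    report netsh.exe is spawned by Neft.doc.exe on the Desktop and by the
    dropped chrome.exe in the user profile, neither an installed program."""
    if _basename(ev.image) in SYSTEM_UTILS and USER_DIR_RE.match(ev.parent_image):
        return "System utility spawned from user-writable path"
    return None


RULES = (rule_double_extension, rule_wifi_password_capture,
         rule_system_utility_from_user_path)


def evaluate(events):
    """Return (pid, rule title) for every rule that fires, in event order."""
    hits = []
    for ev in events:
        for rule in RULES:
            title = rule(ev)
            if title:
                hits.append((ev.pid, title))
    return hits


# Sample input: events 1 and 2 are transcribed from the report's Sigma section;
# event 3 is a constructed key=clear follow-up from the dropped copy and
# event 4 a constructed benign control (cmd.exe launched from Explorer).
SAMPLE_EVENTS = [
    ProcEvent(948, 4560, r"C:\Users\user\Desktop\Neft.doc.exe",
              r"C:\Users\user\Desktop\Neft.doc.exe", r"C:\Users\user\Desktop\Neft.doc.exe"),
    ProcEvent(4260, 948, r"C:\Windows\SysWOW64\netsh.exe",
              "'netsh' wlan show profile", r"C:\Users\user\Desktop\Neft.doc.exe"),
    ProcEvent(5001, 4700, r"C:\Windows\SysWOW64\netsh.exe",
              'netsh wlan show profile name="Home" key=clear', r"C:\Users\user\chrome.exe"),
    ProcEvent(6002, 1500, r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c dir", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, title in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid}: {title}")
```

The profile-enumeration form on its own is low severity (administrators run it), which is why the example separates it from the key=clear form and pairs it with the parent-path check; the two together reproduce what the report's process tree shows.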

                  Signature Overview


                  AV Detection:

Found malware configuration
Source: chrome.exe.4960.8.memstr, Malware Configuration Extractor: Agenttesla {"Username: ": "6d6xo", "URL: ": "http://VwUKfUe9rR9qKa2dO.com", "To: ": "info@maquarie.net", "ByHost: ": "mail.privateemail.com:5878", "Password: ": "scwGPByzYwS", "From: ": "info@maquarie.net"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\chrome.exe, VirusTotal: Detection: 30%
Multi AV Scanner detection for submitted file
Source: Neft.doc.exe, VirusTotal: Detection: 30%
Machine Learning detection for dropped file
Source: C:\Users\user\chrome.exe, Joe Sandbox ML: detected
Machine Learning detection for sample
Source: Neft.doc.exe, Joe Sandbox ML: detected
Source: 2.2.Neft.doc.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
Source: 4.2.chrome.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
Source: 8.2.chrome.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8

Source: chrome.exe, Memory has grown: Private usage: 0MB later: 18MB
Source: C:\Users\user\chrome.exe, Code function: 4x nop then inc dword ptr [ebp-14h] 5_2_05114980

Source: global traffic, TCP traffic: 192.168.2.7:49708 -> 198.54.122.60:587
Source: Joe Sandbox View, IP Address: 198.54.122.60
Source: unknown, DNS traffic detected: queries for: mail.privateemail.com
Source: chrome.exe, 00000008.00000002.945229475.00000000031A0000.00000004.00000001.sdmp, String found in binary or memory: http://VwUKfUe9rR9qKa2dO.com
Source: Neft.doc.exe, 00000002.00000002.945484158.00000000031DA000.00000004.00000001.sdmp, chrome.exe, 00000008.00000002.945628727.000000000330B000.00000004.00000001.sdmp, String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: Neft.doc.exe, 00000002.00000002.945484158.00000000031DA000.00000004.00000001.sdmp, chrome.exe, 00000008.00000002.945628727.000000000330B000.00000004.00000001.sdmp, String found in binary or memory: http://mail.privateemail.com
Source: Neft.doc.exe, 00000002.00000002.945484158.00000000031DA000.00000004.00000001.sdmp, chrome.exe, 00000008.00000002.945628727.000000000330B000.00000004.00000001.sdmp, String found in binary or memory: http://ocsp.sectigo.com0
Source: Neft.doc.exe, 00000002.00000002.945484158.00000000031DA000.00000004.00000001.sdmp, chrome.exe, 00000008.00000002.945628727.000000000330B000.00000004.00000001.sdmp, String found in binary or memory: https://sectigo.com/CPS0
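The extracted configuration names the exfiltration mailbox and SMTP host, and the traffic lines above show what that looks like on the wire: a DNS lookup for mail.privateemail.com followed by a TCP connection to 198.54.122.60:587. Note the two do not agree on the port (the config says 5878, the observed connection used 587, the standard SMTP submission port), so the correlation below keys on the resolved address rather than the port. This is an added example, not sandbox code: it normalises the extractor's output (its keys carry a trailing ": ") into indicators and matches them against constructed, tab-separated DNS and connection log lines whose column layout is an assumption (a cut-down Zeek-style shape); the first line of each log mirrors what the report observed, the second is benign filler on TEST-NET addresses.

```python
import json
from urllib.parse import urlparse

# The configuration exactly as the report's extractor printed it.
RAW_CONFIG = ('{"Username: ": "6d6xo", "URL: ": "http://VwUKfUe9rR9qKa2dO.com", '
              '"To: ": "info@maquarie.net", "ByHost: ": "mail.privateemail.com:5878", '
              '"Password: ": "scwGPByzYwS", "From: ": "info@maquarie.net"}')

SMTP_PORTS = {25, 465, 587}


def normalize_config(raw: str) -> dict:
    """Strip the extractor's ': ' key suffix and lower-case the keys."""
    return {k.strip().rstrip(":").lower(): v for k, v in json.loads(raw).items()}


def smtp_target(cfg: dict):
    """Split ByHost into (host, port); port is None when it is not numeric."""
    host, _, port = cfg["byhost"].partition(":")
    return host.lower(), (int(port) if port.isdigit() else None)


def iocs_from_config(cfg: dict) -> dict:
    """Domains, mailboxes and configured port worth alerting on."""
    host, port = smtp_target(cfg)
    domains = {host}
    url_host = urlparse(cfg.get("url", "")).hostname
    if url_host:
        domains.add(url_host.lower())
    return {
        "domains": domains,
        "mailboxes": {cfg["to"].lower(), cfg["from"].lower()},
        "smtp_port": port,
    }


def correlate(cfg: dict, dns_log: str, conn_log: str) -> list:
    """DNS answers for an IOC domain give the addresses to watch; every later
    connection to one of them is reported, annotated when the destination
    port is an SMTP port or the configured one."""
    ioc = iocs_from_config(cfg)
    resolved = {}          # answer address -> queried name
    findings = []
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        _ts, src, query, _qtype, answer = line.split("\t")
        name = query.lower().rstrip(".")
        if name in ioc["domains"]:
            resolved[answer] = name
            findings.append(("dns", src, name, answer))
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, src, _sport, dst, dport, _proto = line.split("\t")
        dport = int(dport)
        if dst in resolved:
            why = f"connects to {resolved[dst]}"
            if dport in SMTP_PORTS or dport == ioc["smtp_port"]:
                why += " on an SMTP port"
            findings.append(("conn", src, dst, dport, why))
    return findings


# Constructed logs: (ts, src, query, qtype, answer) and
# (ts, src, sport, dst, dport, proto).
DNS_LOG = (
    "1617000001.0\t192.168.2.7\tmail.privateemail.com\tA\t198.54.122.60\n"
    "1617000002.0\t192.168.2.7\twww.example.org\tA\t203.0.113.10\n"
)
CONN_LOG = (
    "1617000003.0\t192.168.2.7\t49708\t198.54.122.60\t587\ttcp\n"
    "1617000004.0\t192.168.2.7\t49712\t203.0.113.10\t443\ttcp\n"
)

if __name__ == "__main__":
    cfg = normalize_config(RAW_CONFIG)
    print(iocs_from_config(cfg))
    for finding in correlate(cfg, DNS_LOG, CONN_LOG):
        print(finding)
```

mail.privateemail.com is a shared mail-hosting service, so the hostname and address alone will also match legitimate mail clients on the same network; pair the match with the sending process (here a chrome.exe living in C:\Users\user\ rather than under Program Files) or with the mailbox from the configuration before acting on it.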

                  Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook
Source: C:\Users\user\Desktop\Neft.doc.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Neft.doc.exe
Source: C:\Users\user\chrome.exe, Windows user hook set: 0 keyboard low level C:\Users\user\chrome.exe
Source: Neft.doc.exe, 00000000.00000002.539348385.0000000000EE0000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\Neft.doc.exe, Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\chrome.exe, Window created: window name: CLIPBRDWNDCLASS

                  System Summary:

Source: C:\Users\user\Desktop\Neft.doc.exe, Code functions: 0_2_00ECE660, 0_2_00ECE650, 0_2_00ECCC1C, 0_2_06133330, 0_2_06130006, 0_2_06130040
Source: C:\Users\user\Desktop\Neft.doc.exe, Code functions: 2_2_030059D0, 2_2_03001060, 2_2_03000790, 2_2_03007E6B, 2_2_03002C38, 2_2_03000448, 2_2_030084A0, 2_2_03004316, 2_2_030043A0, 2_2_03004BCC, 2_2_03004A09, 2_2_03004247, 2_2_0300393C, 2_2_0300485C, 2_2_03003F48, 2_2_03003D29, 2_2_03004547, 2_2_030044BA
Source: C:\Users\user\Desktop\Neft.doc.exe, Code functions: 2_2_05911548, 2_2_05914440, 2_2_059111A8, 2_2_05915108, 2_2_05919E50, 2_2_05915530, 2_2_05911539, 2_2_05911199, 2_2_0591900C, 2_2_05914391, 2_2_05919E42
Source: C:\Users\user\Desktop\Neft.doc.exe, Code functions: 2_2_0662F7F0, 2_2_066247C0, 2_2_06623FB8, 2_2_06629CD0, 2_2_0662BD18, 2_2_06620DE8, 2_2_066231D0, 2_2_0662AE28, 2_2_0662AE38, 2_2_066247B3, 2_2_06622430, 2_2_0662BD09, 2_2_06620DD8, 2_2_066222A8, 2_2_06622B20, 2_2_06622B13, 2_2_0662A3A0, 2_2_0662A390, 2_2_06620040
Source: C:\Users\user\chrome.exe, Code functions: 3_2_0123E660, 3_2_0123E650, 3_2_0123CC1C, 3_2_06283330, 3_2_06280007, 3_2_06280040
Source: C:\Users\user\chrome.exe, Code functions: 4_2_04FD4440, 4_2_04FD1548, 4_2_04FD11A8, 4_2_04FD5108, 4_2_04FD9E50, 4_2_04FD1539, 4_2_04FD5530, 4_2_04FD900C, 4_2_04FD11A7, 4_2_04FD4351, 4_2_04FD9E41
Source: C:\Users\user\chrome.exe, Code functions: 5_2_02AEE660, 5_2_02AEE650, 5_2_02AECC1C, 5_2_02AE96A8, 5_2_05116579, 5_2_05116588, 5_2_0511E780, 5_2_06243330, 5_2_06240006, 5_2_06240040
Source: Neft.doc.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: chrome.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Neft.doc.exe, Binary or memory string: OriginalFilename vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.538443097.00000000007D0000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenametPwVXcG.exe0 vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.546533790.0000000006010000.00000004.00000001.sdmp, Binary or memory string: OriginalFilename26.dll4 vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.541952241.0000000003A89000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameMYDLLSTUBSHARED.dll4 vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.541952241.0000000003A89000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamejZTIIkffusbfSGZKkTqBuhPKzh.exe4 vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.539348385.0000000000EE0000.00000004.00000020.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.538275022.0000000000772000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameZImBOZX.dll< vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.540889602.0000000002C5F000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameUnhook.dll. vs Neft.doc.exe
Source: Neft.doc.exe, 00000000.00000002.540460804.0000000002B4A000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameLOL.dllH vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000002.949028797.00000000066B0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamewshom.ocx vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000002.943251397.0000000000DB2000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameZImBOZX.dll< vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000002.943470092.0000000000FB7000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000000.537839179.0000000000E10000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenametPwVXcG.exe0 vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000002.948757887.0000000006630000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000002.943173621.000000000044E000.00000040.00000001.sdmp, Binary or memory string: OriginalFilenamejZTIIkffusbfSGZKkTqBuhPKzh.exe4 vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000002.947815861.0000000005880000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs Neft.doc.exe
Source: Neft.doc.exe, 00000002.00000002.949068096.00000000066C0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamewshom.ocx.mui vs Neft.doc.exe
Source: Neft.doc.exe, Binary or memory string: OriginalFilenameZImBOZX.dll< vs Neft.doc.exe
Source: Neft.doc.exe, Binary or memory string: OriginalFilenametPwVXcG.exe0 vs Neft.doc.exe
Source: Neft.doc.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: chrome.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@19/2@3/1
Source: C:\Users\user\Desktop\Neft.doc.exe, File created: C:\Users\user\chrome.exe
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4636:120:WilError_01
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1628:120:WilError_01
Source: C:\Users\user\Desktop\Neft.doc.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e7364da399b604ae01baff696551080\mscorlib.ni.dll (2 times)
Source: C:\Users\user\chrome.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e7364da399b604ae01baff696551080\mscorlib.ni.dll (4 times)
Source: C:\Users\user\Desktop\Neft.doc.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Neft.doc.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\chrome.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor (2 times)
Source: C:\Users\user\chrome.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Neft.doc.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Neft.doc.exe, File read: C:\Windows\System32\drivers\etc\hosts (2 times)
Source: C:\Users\user\chrome.exe, File read: C:\Windows\System32\drivers\etc\hosts (2 times)
Source: Neft.doc.exe, VirusTotal: Detection: 30%
Source: C:\Users\user\Desktop\Neft.doc.exe, File read: C:\Users\user\Desktop\Neft.doc.exe
Source: unknown, Process created: C:\Users\user\Desktop\Neft.doc.exe 'C:\Users\user\Desktop\Neft.doc.exe'
Source: unknown, Process created: C:\Users\user\Desktop\Neft.doc.exe C:\Users\user\Desktop\Neft.doc.exe
Source: unknown, Process created: C:\Users\user\chrome.exe 'C:\Users\user\chrome.exe' (2 times)
Source: unknown, Process created: C:\Users\user\chrome.exe C:\Users\user\chrome.exe (4 times)
Source: unknown, Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile (2 times)
Source: unknown, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 (2 times)
Source: C:\Users\user\Desktop\Neft.doc.exe, Process created: C:\Users\user\Desktop\Neft.doc.exe C:\Users\user\Desktop\Neft.doc.exe
Source: C:\Users\user\Desktop\Neft.doc.exe, Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\chrome.exe, Process created: C:\Users\user\chrome.exe C:\Users\user\chrome.exe (4 times)
Source: C:\Users\user\chrome.exe, Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\Desktop\Neft.doc.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Users\user\Desktop\Neft.doc.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Neft.doc.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Neft.doc.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Neft.doc.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Source: Binary string: Unhook.pdb source: Neft.doc.exe, 00000000.00000002.540889602.0000000002C5F000.00000004.00000001.sdmp, chrome.exe, 00000003.00000002.592145196.0000000002DBC000.00000004.00000001.sdmp, chrome.exe, 00000005.00000002.619967683.0000000002EDE000.00000004.00000001.sdmp
                  Source: Binary string: 26.pdb source: Neft.doc.exe, 00000000.00000002.546533790.0000000006010000.00000004.00000001.sdmp, chrome.exe, 00000003.00000002.592821592.0000000002F4F000.00000004.00000001.sdmp, chrome.exe, 00000005.00000002.620857610.0000000003076000.00000004.00000001.sdmp
                  Source: Binary string: LOL.pdb source: Neft.doc.exe, 00000000.00000002.540460804.0000000002B4A000.00000004.00000001.sdmp, chrome.exe, 00000003.00000002.591113738.0000000002BE0000.00000004.00000001.sdmp, chrome.exe, 00000005.00000002.619556343.0000000002DCA000.00000004.00000001.sdmp
                  Source: Binary string: C:\Users\Raz\Documents\Visual Studio 2015\Projects\STUB214\ClassLibrary1\obj\Debug\ZImBOZX.pdb<2V2 H2_CorDllMainmscoree.dll source: Neft.doc.exe
                  Source: Binary string: 26.pdbx source: Neft.doc.exe, 00000000.00000002.546533790.0000000006010000.00000004.00000001.sdmp, chrome.exe, 00000003.00000002.592821592.0000000002F4F000.00000004.00000001.sdmp, chrome.exe, 00000005.00000002.620857610.0000000003076000.00000004.00000001.sdmp
                  Source: Binary string: C:\Users\Raz\Documents\Visual Studio 2015\Projects\STUB214\ClassLibrary1\obj\Debug\ZImBOZX.pdb source: chrome.exe, chrome.exe, 00000006.00000000.614521359.00000000000C2000.00000002.00020000.sdmp, chrome.exe, 00000007.00000000.615591181.0000000000092000.00000002.00020000.sdmp, chrome.exe, 00000008.00000000.616480293.0000000000ED2000.00000002.00020000.sdmp, Neft.doc.exe

                  Data Obfuscation:

                  barindex
                  .NET source code contains potential unpackerShow sources
                  Source: Neft.doc.exe, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs.Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: chrome.exe.0.dr, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.Neft.doc.exe.770000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.Neft.doc.exe.770000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 2.0.Neft.doc.exe.db0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 2.2.Neft.doc.exe.db0000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.0.chrome.exe.8a0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.2.chrome.exe.8a0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.chrome.exe.470000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.2.chrome.exe.470000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.2.chrome.exe.860000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.0.chrome.exe.860000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.2.chrome.exe.c0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.0.chrome.exe.c0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.2.chrome.exe.90000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.chrome.exe.90000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.2.chrome.exe.ed0000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.0.chrome.exe.ed0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | .Net Code: TDhQ System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: Neft.doc.exe | Static PE information: real checksum: 0x6c430 should be: 0x7da72
Source: chrome.exe.0.dr | Static PE information: real checksum: 0x6c430 should be: 0x7da72
Source: C:\Users\user\Desktop\Neft.doc.exe | Code function: 0_2_06135649 push es; iretd 0_2_06135678
Source: C:\Users\user\Desktop\Neft.doc.exe | Code function: 0_2_0613455E pushfd ; ret 0_2_06134565
Source: C:\Users\user\Desktop\Neft.doc.exe | Code function: 0_2_06133DDD push ds; retf 0_2_06133DE3
Source: C:\Users\user\Desktop\Neft.doc.exe | Code function: 2_2_0300D2A3 push esp; retf 2_2_0300D2AD
Source: C:\Users\user\Desktop\Neft.doc.exe | Code function: 2_2_03003695 push 8BFFFFFCh; retf 2_2_030036A0
Source: C:\Users\user\Desktop\Neft.doc.exe | Code function: 2_2_0300DCC7 push edi; retn 0000h 2_2_0300DCC9
Source: C:\Users\user\Desktop\Neft.doc.exe | Code function: 2_2_06628532 push es; ret 2_2_0662862C
Source: C:\Users\user\chrome.exe | Code function: 3_2_06285649 push es; iretd 3_2_06285678
Source: C:\Users\user\chrome.exe | Code function: 3_2_0628455E pushfd ; ret 3_2_06284565
Source: C:\Users\user\chrome.exe | Code function: 5_2_06245649 push es; iretd 5_2_06245678
Source: C:\Users\user\chrome.exe | Code function: 5_2_0624455E pushfd ; ret 5_2_06244565
Source: initial sample | Static PE information: section name: .text entropy: 7.76173983305
Source: Neft.doc.exe, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: Neft.doc.exe, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: chrome.exe.0.dr, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: chrome.exe.0.dr, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 0.2.Neft.doc.exe.770000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 0.2.Neft.doc.exe.770000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 0.0.Neft.doc.exe.770000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 0.0.Neft.doc.exe.770000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 2.0.Neft.doc.exe.db0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 2.0.Neft.doc.exe.db0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 2.2.Neft.doc.exe.db0000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 2.2.Neft.doc.exe.db0000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 3.0.chrome.exe.8a0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 3.0.chrome.exe.8a0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 3.2.chrome.exe.8a0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 3.2.chrome.exe.8a0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 4.0.chrome.exe.470000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 4.0.chrome.exe.470000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 4.2.chrome.exe.470000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 4.2.chrome.exe.470000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 5.2.chrome.exe.860000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 5.2.chrome.exe.860000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 5.0.chrome.exe.860000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 5.0.chrome.exe.860000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 6.2.chrome.exe.c0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 6.2.chrome.exe.c0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 6.0.chrome.exe.c0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 6.0.chrome.exe.c0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 7.2.chrome.exe.90000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 7.2.chrome.exe.90000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 7.0.chrome.exe.90000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 7.0.chrome.exe.90000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 8.2.chrome.exe.ed0000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 8.2.chrome.exe.ed0000.1.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'
Source: 8.0.chrome.exe.ed0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/BaTp.cs | High entropy of concatenated method names: '.ctor', 'NeUu', 'PRhh', 'MkCi', 'AVNY', 'ALNT', 'JPQx', 'QlyL', 'aVOu', 'wLGW'
Source: 8.0.chrome.exe.ed0000.0.unpack, gwJIPCYZDFQjoeUEZEeGxLSHtFOD/xqsd.cs | High entropy of concatenated method names: 'uMoS', 'ScTx', 'IdLm', 'hKiu', 'CUkf', 'BBmg', 'ULHH', 'aekg', 'TvTZ', 'oekr'

Source: C:\Users\user\Desktop\Neft.doc.exe | File created: C:\Users\user\chrome.exe

Boot Survival:

Drops PE files to the user root directory
Source: C:\Users\user\Desktop\Neft.doc.exe | File created: C:\Users\user\chrome.exe
Source: C:\Users\user\Desktop\Neft.doc.exe | Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run chrome

Hooking and other Techniques for Hiding and Protection:

Uses an obfuscated file name to hide its real file extension (double extension)
Source: Possible double extension: doc.exe | Static PE information: Neft.doc.exe
Source: C:\Users\user\Desktop\Neft.doc.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\chrome.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\chrome.exeProcess information set
