
Analysis Report New Order ISI-Group India.exe

Overview

General Information

Sample Name:New Order ISI-Group India.exe
MD5:05e5477ba1019aecd8ec9db087d703d9
SHA1:d3781d6dde13a0783c84e74e7fc84ce3454671dc
SHA256:ba4c22cd68fe1d4fee2c9e47f1749b77e3295113d2f7ca8f50c03c61dc5cd23f

Detection

AgentTesla
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Yara detected AgentTesla
Contains functionality to detect sleep reduction / modifications
Found API chain indicative of debugger detection
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal PuTTY / WinSCP information (sessions, passwords, etc.)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses netsh to modify the Windows network and firewall settings
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality to read data from the clipboard
Contains functionality to query locale information (e.g. system language)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • New Order ISI-Group India.exe (PID: 3488 cmdline: 'C:\Users\user\Desktop\New Order ISI-Group India.exe' MD5: 05E5477BA1019AECD8EC9DB087D703D9)
    • New Order ISI-Group India.exe (PID: 4216 cmdline: 'C:\Users\user\Desktop\New Order ISI-Group India.exe' MD5: 05E5477BA1019AECD8EC9DB087D703D9)
      • netsh.exe (PID: 244 cmdline: 'netsh' wlan show profile MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
        • conhost.exe (PID: 2788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • bXENt.exe (PID: 5016 cmdline: 'C:\Users\user\AppData\Roaming\bXENt\bXENt.exe' MD5: 05E5477BA1019AECD8EC9DB087D703D9)
    • bXENt.exe (PID: 4988 cmdline: 'C:\Users\user\AppData\Roaming\bXENt\bXENt.exe' MD5: 05E5477BA1019AECD8EC9DB087D703D9)
  • bXENt.exe (PID: 5104 cmdline: 'C:\Users\user\AppData\Roaming\bXENt\bXENt.exe' MD5: 05E5477BA1019AECD8EC9DB087D703D9)
    • bXENt.exe (PID: 3268 cmdline: 'C:\Users\user\AppData\Roaming\bXENt\bXENt.exe' MD5: 05E5477BA1019AECD8EC9DB087D703D9)
      • netsh.exe (PID: 5112 cmdline: 'netsh' wlan show profile MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
        • conhost.exe (PID: 4516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Malware Configuration

Threatname: Agenttesla

{"Username: ": "agSQZVd6Ed6Ll", "URL: ": "http://chsDQYwUkEehPjD.org", "To: ": "mngacct@tandempakistan.com", "ByHost: ": "mail.tandempakistan.com:587", "Password: ": "HosNMdzHJACL", "From: ": "mngacct@tandempakistan.com"}

The From, To and ByHost fields describe an SMTP exfiltration channel: stolen data is mailed from and to mngacct@tandempakistan.com through mail.tandempakistan.com on port 587 with the listed credentials. The DNS query for mail.tandempakistan.com recorded in the networking evidence below corroborates this.

Yara Overview

Memory Dumps (31 entries; the first five are shown)

Source | Rule | Description | Author
00000002.00000002.1190915218.00000000009A2000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000009.00000002.1190825517.0000000000952000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000008.00000002.904830531.0000000002743000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000002.00000002.1190662129.00000000008F0000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000005.00000002.906365169.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Unpacked PEs (18 entries; the first five are shown)

Source | Rule | Description | Author
9.2.bXENt.exe.600000.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
9.2.bXENt.exe.600000.1.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
2.2.New Order ISI-Group India.exe.9a0000.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
5.2.bXENt.exe.720000.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
5.2.bXENt.exe.21c0000.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
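The artifact names in the two Yara tables encode which process the hit came from and where in its address space the code sat. The script below is an added example, not Joe Sandbox tooling: it parses the ten names listed above and groups the hits by process index so the unpacking signatures can be tied to concrete regions. It assumes the memory-dump layout is proc.reason.id.base.protection.extra.sdmp with the protection field holding a Windows PAGE_* constant (the extra field is not interpreted), and the unpacked-PE layout is proc.reason.image.base.n[.raw].unpack; only process index 9 is tied to a PID (3268) by the report itself, the others are left unresolved.

```python
"""Group Joe Sandbox Yara artifacts by process. Added example; the name
layouts below are assumptions, as is reading the sdmp protection field as a
winnt.h PAGE_* constant."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}


class Artifact(NamedTuple):
    proc: int              # sandbox process index (the N in "N.2.<image>...unpack")
    kind: str              # "sdmp" (memory dump) or "unpack" (rebuilt PE)
    base: int              # virtual address of the dump / unpacked PE
    prot: Optional[str]    # PAGE_* name for sdmp, None for unpack
    image: Optional[str]   # process image name when the name carries it
    raw: bool              # True for ".raw.unpack" (file layout rather than mapped layout)


_SDMP = re.compile(
    r"^(?P<proc>[0-9a-f]{8})\.(?P<reason>[0-9a-f]{8})\.(?P<id>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<prot>[0-9a-f]{8})\.(?P<extra>[0-9a-f]{8})\.sdmp$", re.I)
_UNPACK = re.compile(
    r"^(?P<proc>\d+)\.(?P<reason>\d+)\.(?P<image>.+?)\.(?P<base>[0-9a-f]+)\."
    r"(?P<n>\d+)\.(?P<raw>raw\.)?unpack$", re.I)


def parse_artifact(name: str) -> Artifact:
    m = _SDMP.match(name)
    if m:
        prot = int(m["prot"], 16)
        return Artifact(int(m["proc"], 16), "sdmp", int(m["base"], 16),
                        PAGE_PROTECT.get(prot, f"0x{prot:02X}"), None, False)
    m = _UNPACK.match(name)
    if m:
        return Artifact(int(m["proc"]), "unpack", int(m["base"], 16), None,
                        m["image"], m["raw"] is not None)
    raise ValueError(f"unrecognised artifact name: {name}")


def summarize(names: List[str], pid_by_index: Optional[Dict[int, int]] = None) -> Dict[int, dict]:
    """Per process index: bases seen, counts, and whether any dump was RWX."""
    pid_by_index = pid_by_index or {}
    out: Dict[int, dict] = defaultdict(lambda: {
        "pid": None, "image": None, "bases": set(), "rwx": False, "dumps": 0, "unpacked": 0})
    for name in names:
        a = parse_artifact(name)
        e = out[a.proc]
        e["pid"] = pid_by_index.get(a.proc)
        if a.image:
            e["image"] = a.image
        e["bases"].add(a.base)
        if a.kind == "sdmp":
            e["dumps"] += 1
            if a.prot == "PAGE_EXECUTE_READWRITE":
                e["rwx"] = True
        else:
            e["unpacked"] += 1
    return dict(out)


def rwx_processes(summary: Dict[int, dict]) -> List[int]:
    """Process indices that had at least one writable+executable dump hit."""
    return sorted(i for i, e in summary.items() if e["rwx"])


# Copied from the report's Yara tables (first five rows of each).
REPORT_ARTIFACTS = [
    "00000002.00000002.1190915218.00000000009A2000.00000040.00000001.sdmp",
    "00000009.00000002.1190825517.0000000000952000.00000004.00000001.sdmp",
    "00000008.00000002.904830531.0000000002743000.00000040.00000001.sdmp",
    "00000002.00000002.1190662129.00000000008F0000.00000004.00000001.sdmp",
    "00000005.00000002.906365169.0000000000402000.00000040.00000001.sdmp",
    "9.2.bXENt.exe.600000.1.unpack",
    "9.2.bXENt.exe.600000.1.raw.unpack",
    "2.2.New Order ISI-Group India.exe.9a0000.3.unpack",
    "5.2.bXENt.exe.720000.1.unpack",
    "5.2.bXENt.exe.21c0000.3.unpack",
]
# Index 9 <-> PID 3268 is stated by the report ("bXENt.exe.3268.9.memstr");
# the remaining indices are not resolved in this excerpt.
PID_BY_INDEX = {9: 3268}

if __name__ == "__main__":
    s = summarize(REPORT_ARTIFACTS, PID_BY_INDEX)
    for idx in sorted(s):
        e = s[idx]
        bases = ", ".join(f"0x{b:X}" for b in sorted(e["bases"]))
        print(f"proc {idx} pid={e['pid']} image={e['image']} rwx={e['rwx']} "
              f"dumps={e['dumps']} unpacked={e['unpacked']} bases={bases}")
```

Run as-is, the RWX hits land in process indices 2, 5 and 8. The index-5 dump at 0x402000 with PAGE_EXECUTE_READWRITE sits inside the first section of an image based at the conventional 0x400000, which is what "Detected unpacking (changes PE section rights)" describes; the index-2 RWX dump at 0x9A2000 and the unpacked PE recovered at 0x9A0000 describe the same freshly written region, matching "creates a PE file in dynamic memory".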

Sigma Overview

System Summary:

Sigma detected: Capture Wi-Fi password
Source: Process started
Author: Joe Security
Data:
  Command: 'netsh' wlan show profile
  CommandLine: 'netsh' wlan show profile
  CommandLine|base64offset|contains: V
  Image: C:\Windows\SysWOW64\netsh.exe
  NewProcessName: C:\Windows\SysWOW64\netsh.exe
  OriginalFileName: C:\Windows\SysWOW64\netsh.exe
  ParentCommandLine: 'C:\Users\user\Desktop\New Order ISI-Group India.exe'
  ParentImage: C:\Users\user\Desktop\New Order ISI-Group India.exe
  ParentProcessId: 4216
  ProcessCommandLine: 'netsh' wlan show profile
  ProcessId: 244
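The Sigma hit above and the Startup tree earlier in the report are the same evidence seen from two angles: a process-creation log. The script below is an added example (not Joe Sandbox code) that rebuilds that tree from constructed process-creation events and flags the three behaviours the report documents: a process launching a second copy of its own image and hash (the pattern behind "Creates a process in suspended mode" and "Maps a DLL or memory area into another process"), netsh.exe enumerating Wi-Fi profiles, and binaries executing from AppData\Roaming. PIDs, paths, command lines and MD5s are taken from the report; parent links follow the tree's indentation (the report itself only states ParentProcessId 4216 for netsh PID 244), and PID 1000 is a placeholder for the shell that started the root processes, which the excerpt does not show.

```python
"""Process-tree triage over sandbox process-creation events. Added example
built from the report's Startup tree; the launcher PID and the unstated
parent links are assumptions (see comments)."""
import ntpath
from collections import defaultdict
from typing import List, NamedTuple, Tuple


class ProcEvent(NamedTuple):
    pid: int
    ppid: int
    image: str
    cmdline: str
    md5: str


SAMPLE_MD5 = "05E5477BA1019AECD8EC9DB087D703D9"
NETSH_MD5 = "A0AA3322BB46BBFC36AB9DC1DBBBB807"
CONHOST_MD5 = "EA777DEEA782E8B4D7C7C33BBF8A4496"
DESKTOP = r"C:\Users\user\Desktop\New Order ISI-Group India.exe"
ROAMING = r"C:\Users\user\AppData\Roaming\bXENt\bXENt.exe"
NETSH = r"C:\Windows\SysWOW64\netsh.exe"
CONHOST = r"C:\Windows\system32\conhost.exe"
LAUNCHER = 1000  # placeholder PID for the shell that started the roots (not in the report)

# Constructed from the report's Startup tree; parent links follow its indentation.
EVENTS = [
    ProcEvent(3488, LAUNCHER, DESKTOP, f"'{DESKTOP}'", SAMPLE_MD5),
    ProcEvent(4216, 3488, DESKTOP, f"'{DESKTOP}'", SAMPLE_MD5),
    ProcEvent(244, 4216, NETSH, "'netsh' wlan show profile", NETSH_MD5),
    ProcEvent(2788, 244, CONHOST, f"{CONHOST} 0xffffffff -ForceV1", CONHOST_MD5),
    ProcEvent(5016, LAUNCHER, ROAMING, f"'{ROAMING}'", SAMPLE_MD5),
    ProcEvent(4988, 5016, ROAMING, f"'{ROAMING}'", SAMPLE_MD5),
    ProcEvent(5104, LAUNCHER, ROAMING, f"'{ROAMING}'", SAMPLE_MD5),
    ProcEvent(3268, 5104, ROAMING, f"'{ROAMING}'", SAMPLE_MD5),
    ProcEvent(5112, 3268, NETSH, "'netsh' wlan show profile", NETSH_MD5),
    ProcEvent(4516, 5112, CONHOST, f"{CONHOST} 0xffffffff -ForceV1", CONHOST_MD5),
]


def index(events: List[ProcEvent]):
    """pid -> event, and ppid -> [child pids] in event order."""
    by_pid = {e.pid: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e.ppid].append(e.pid)
    return by_pid, children


def self_spawns(events: List[ProcEvent]) -> List[Tuple[int, int]]:
    """(parent, child) pairs where a process started its own image with the same hash."""
    by_pid, _ = index(events)
    return [(e.ppid, e.pid) for e in events
            if e.ppid in by_pid
            and by_pid[e.ppid].image.lower() == e.image.lower()
            and by_pid[e.ppid].md5.upper() == e.md5.upper()]


def wifi_profile_dumps(events: List[ProcEvent]) -> List[dict]:
    """netsh 'wlan show profile' invocations, matched on the same tokens the Sigma
    hit matched on; the parent's path is returned as triage context, not as a filter."""
    by_pid, _ = index(events)
    hits = []
    for e in events:
        if ntpath.basename(e.image).lower() != "netsh.exe":
            continue
        toks = set(e.cmdline.lower().replace("'", "").replace('"', "").split())
        if not {"wlan", "show", "profile"} <= toks:
            continue
        parent = by_pid.get(e.ppid)
        parent_image = parent.image if parent else "<unknown>"
        hits.append({"pid": e.pid, "ppid": e.ppid, "parent_image": parent_image,
                     "parent_in_user_profile": parent_image.lower().startswith("c:\\users\\")})
    return hits


def appdata_execs(events: List[ProcEvent]) -> List[int]:
    """PIDs whose image lives under a user's AppData\\Roaming directory."""
    return sorted(e.pid for e in events if "\\appdata\\roaming\\" in e.image.lower())


def render_tree(events: List[ProcEvent]) -> str:
    """Indented tree, roots first, children in creation order."""
    by_pid, children = index(events)
    lines: List[str] = []

    def walk(pid: int, depth: int) -> None:
        e = by_pid[pid]
        lines.append(f"{'  ' * depth}{pid}  {ntpath.basename(e.image)}  {e.cmdline}")
        for child in children[pid]:
            walk(child, depth + 1)

    for root in [e.pid for e in events if e.ppid not in by_pid]:
        walk(root, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_tree(EVENTS))
    print("self-spawn (parent, child):", self_spawns(EVENTS))
    print("netsh wlan show profile:", wifi_profile_dumps(EVENTS))
    print("running from AppData\\Roaming:", appdata_execs(EVENTS))
```

The netsh match deliberately keys on the tokens alone, as the Sigma rule does; the parent path is carried along because, in this report, both netsh instances hang off a process under C:\Users, which is the fact an analyst needs when deciding whether a hit is administrative noise. The self-spawn check pairs image path with hash so that a same-named but different binary is not mistaken for the hollowing pattern.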

Signature Overview

AV Detection:

Found malware configuration
Source: bXENt.exe.3268.9.memstr  Malware Configuration Extractor: Agenttesla {"Username: ": "agSQZVd6Ed6Ll", "URL: ": "http://chsDQYwUkEehPjD.org", "To: ": "mngacct@tandempakistan.com", "ByHost: ": "mail.tandempakistan.com:587", "Password: ": "HosNMdzHJACL", "From: ": "mngacct@tandempakistan.com"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Virustotal: Detection: 41%
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  ReversingLabs: Detection: 45%
Multi AV Scanner detection for submitted file
Source: New Order ISI-Group India.exe  Virustotal: Detection: 41%
Source: New Order ISI-Group India.exe  ReversingLabs: Detection: 45%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Joe Sandbox ML: detected
Machine Learning detection for sample
Source: New Order ISI-Group India.exe  Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 2.2.New Order ISI-Group India.exe.9a0000.3.unpack  Avira: Label: TR/Spy.Gen8
Source: 5.2.bXENt.exe.21c0000.3.unpack  Avira: Label: TR/Spy.Gen8
Source: 0.2.New Order ISI-Group India.exe.2660000.2.unpack  Avira: Label: TR/Patched.Ren.Gen
Source: 9.2.bXENt.exe.2160000.3.unpack  Avira: Label: TR/Spy.Gen8
Source: 4.2.bXENt.exe.2690000.2.unpack  Avira: Label: TR/Patched.Ren.Gen

The dropped bXENt.exe carries the same MD5 as the submitted file, so the identical scanner percentages for "dropped" and "submitted" are one verdict on one binary, not two independent detections.

Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_00405064 GetModuleHandleA, GetProcAddress, lstrcpyn, lstrcpyn, lstrcpyn, FindFirstFileA, FindClose, lstrlen, lstrcpyn, lstrlen, lstrcpyn
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_00405064 GetModuleHandleA, GetProcAddress, lstrcpyn, lstrcpyn, lstrcpyn, FindFirstFileA, FindClose, lstrlen, lstrcpyn, lstrlen, lstrcpyn
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_00405064 GetModuleHandleA, GetProcAddress, lstrcpyn, lstrcpyn, lstrcpyn, FindFirstFileA, FindClose, lstrlen, lstrcpyn, lstrlen, lstrcpyn

Internet Provider seen in connection with other malware
Source: Joe Sandbox View  ASN Name: unknown unknown
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 2_2_0222A186 recv
Source: unknown  DNS traffic detected: queries for: mail.tandempakistan.com
Source: New Order ISI-Group India.exe, 00000002.00000002.1195374303.0000000005560000.00000004.00000001.sdmp  String found in binary or memory: http://apps.identrust.c
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp  String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1195709434.00000000058F0000.00000004.00000001.sdmp  String found in binary or memory: http://cert.int-x3.letsencrypt.org/0
Source: bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1194053225.0000000002C28000.00000004.00000001.sdmp  String found in binary or memory: http://chsDQYwUkEehPjD.org
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp  String found in binary or memory: http://chsDQYwUkEehPjD.orgxWT
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp  String found in binary or memory: http://cps.letsencrypt.org0
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp  String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp  String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp  String found in binary or memory: http://isrg.trustid.ocsp.identrust.com0;
Source: New Order ISI-Group India.exe, 00000002.00000002.1193515892.0000000002A60000.00000004.00000001.sdmp, bXENt.exe, 00000009.00000002.1193633518.0000000002ABA000.00000004.00000001.sdmp  String found in binary or memory: http://ocsp.int-x3.letsencrypt.org0/

The identrust.com and letsencrypt.org strings are the CRL, OCSP and CPS pointers of a Let's Encrypt certificate chain (DST Root CA X3, Let's Encrypt Authority X3) that was present in memory; they are not operator-chosen contact points and should not be promoted to indicators. The actor-controlled indicators in this block are the DNS lookup of mail.tandempakistan.com, which matches the ByHost value of the extracted configuration, and http://chsDQYwUkEehPjD.org, the configuration's URL field.

Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_00406762 OpenClipboard
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_004283BC GetClipboardData, GlobalFix, GlobalUnWire
Contains functionality to record screenshots
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_00420B60 GetObjectA, GetDC, CreateCompatibleDC, CreateBitmap, CreateCompatibleBitmap, GetDeviceCaps, GetDeviceCaps, SelectObject, GetDIBColorTable, GetDIBits, SelectObject, CreateDIBSection, GetDIBits, SelectObject, SelectPalette, RealizePalette, FillRect, SetTextColor, SetBkColor, SetDIBColorTable, PatBlt, CreateCompatibleDC, SelectObject, SelectPalette, RealizePalette, SetTextColor, SetBkColor, BitBlt, SelectPalette, SelectObject, DeleteDC, SelectPalette
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_00431400 GetKeyboardState
Creates a window with clipboard capturing capabilities
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Window created: window name: CLIPBRDWNDCLASS

System Summary:

Initial sample is a PE file and has a suspicious name
Source: initial sample  Static PE information: Filename: New Order ISI-Group India.exe
Contains functionality to call native functions
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_0044E840 NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_00460885 NtCreateSection
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_0045EE58 NtQueryInformationProcess, NtQueryInformationProcess
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_0045EF9A NtMapViewOfSection
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_0043431C NtdllDefWindowProc_A, GetCapture
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_0044EFE8 IsIconic, SetActiveWindow, IsWindowEnabled, SetWindowPos, NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_0044F098 IsIconic, SetActiveWindow, IsWindowEnabled, NtdllDefWindowProc_A, SetWindowPos, SetFocus
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_00443B6C GetSubMenu, SaveDC, RestoreDC, 7337B080, SaveDC, RestoreDC, NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 0_2_00427D2C NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 2_2_0045A159 NtCreateSection
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 2_2_0222B362 NtQuerySystemInformation
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe  Code function: 2_2_0222B331 NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_0044E840 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_00460885 NtCreateSection
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_0045EE58 NtQueryInformationProcess, NtQueryInformationProcess
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_0045EF9A NtMapViewOfSection
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_0043431C NtdllDefWindowProc_A, GetCapture
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_0044EFE8 IsIconic, SetActiveWindow, IsWindowEnabled, SetWindowPos, NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_0044F098 IsIconic, SetActiveWindow, IsWindowEnabled, NtdllDefWindowProc_A, SetWindowPos, SetFocus
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_00443B6C GetSubMenu, SaveDC, RestoreDC, 7337B080, SaveDC, RestoreDC, NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 4_2_00427D2C NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_0044E840 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_00460885 NtCreateSection
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_0045EE58 NtQueryInformationProcess, NtQueryInformationProcess
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_0045EF9A NtMapViewOfSection
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_0043431C NtdllDefWindowProc_A, GetCapture
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_0044EFE8 IsIconic, SetActiveWindow, IsWindowEnabled, SetWindowPos, NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_0044F098 IsIconic, SetActiveWindow, IsWindowEnabled, NtdllDefWindowProc_A, SetWindowPos, SetFocus
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_00443B6C GetSubMenu, SaveDC, RestoreDC, GetWindowDC, SaveDC, RestoreDC, NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 8_2_00427D2C NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 9_2_0045A159 NtCreateSection
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 9_2_0224B362 NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe  Code function: 9_2_0224B331 NtQuerySystemInformation

Most of these entries (NtdllDefWindowProc_A, IsIconic, SetWindowPos, GetCapture) are ordinary window-procedure code and carry no weight on their own. The ones that matter are NtCreateSection, NtMapViewOfSection and NtQueryInformationProcess in the parent instances (indices 0, 4 and 8): together with each instance spawning a second copy of its own image, they are the section-mapping form of code injection that the signatures "Creates a process in suspended mode" and "Maps a DLL or memory area into another process" refer to.
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 0_2_00448D380_2_00448D38
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 0_2_00443B6C0_2_00443B6C
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_004539762_2_00453976
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_0045913D2_2_0045913D
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023BA2182_2_023BA218
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B0EF82_2_023B0EF8
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023BA7812_2_023BA781
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B4C382_2_023B4C38
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023BB06F2_2_023BB06F
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023BAC402_2_023BAC40
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023BB4E82_2_023BB4E8
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B90C82_2_023B90C8
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023BC5C12_2_023BC5C1
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023BA20B2_2_023BA20B
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B966B2_2_023B966B
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B02602_2_023B0260
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B9EF02_2_023B9EF0
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B72E02_2_023B72E0
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B6AC22_2_023B6AC2
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B23BD2_2_023B23BD
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B73BC2_2_023B73BC
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B0EF82_2_023B0EF8
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B8C282_2_023B8C28
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B04692_2_023B0469
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B90462_2_023B9046
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B90C42_2_023B90C4
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B85782_2_023B8578
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B29992_2_023B2999
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B89832_2_023B8983
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_023B99CE2_2_023B99CE
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BAE9302_2_04BAE930
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BAF1102_2_04BAF110
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BA00142_2_04BA0014
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BAF53A2_2_04BAF53A
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BAF87A2_2_04BAF87A
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BAF5AC2_2_04BAF5AC
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BAE9202_2_04BAE920
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_04BAF1022_2_04BAF102
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_057300702_2_05730070
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_057317FB2_2_057317FB
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_05730CE02_2_05730CE0
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_05732D682_2_05732D68
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_057305FD2_2_057305FD
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_05730CD02_2_05730CD0
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_057323002_2_05732300
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeCode function: 2_2_057300072_2_05730007
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 4_2_00448D384_2_00448D38
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 4_2_00443B6C4_2_00443B6C
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_004539765_2_00453976
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_0045913D5_2_0045913D
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_025D046F5_2_025D046F
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_025D02605_2_025D0260
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BBE9305_2_04BBE930
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BB00185_2_04BB0018
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BBF1105_2_04BBF110
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BBF53A5_2_04BBF53A
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BBF87A5_2_04BBF87A
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BBF5AC5_2_04BBF5AC
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BBE9205_2_04BBE920
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 5_2_04BBF1035_2_04BBF103
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 8_2_00448D388_2_00448D38
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 8_2_00443B6C8_2_00443B6C
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_004539769_2_00453976
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_0045913D9_2_0045913D
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024EBA689_2_024EBA68
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E96789_2_024E9678
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024EA2189_2_024EA218
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E0EF89_2_024E0EF8
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024EAC409_2_024EAC40
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E4C389_2_024E4C38
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E90C89_2_024E90C8
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024EB4E89_2_024EB4E8
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024EC5C19_2_024EC5C1
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E41A99_2_024E41A9
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E96689_2_024E9668
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E02609_2_024E0260
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024EA2099_2_024EA209
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E72E09_2_024E72E0
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E0EF89_2_024E0EF8
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024EA7809_2_024EA780
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E73BC9_2_024E73BC
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E23BD9_2_024E23BD
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E00069_2_024E0006
                      Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exeCode function: 9_2_024E8C289_2_024E8C28
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024E90C0
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024E6156
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024EC17E
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024E8578
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024E99CE
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024E8983
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024E2999
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024EC190
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_024E59BD
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BBE930
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BBF110
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BB0006
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BBF53A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BBF87A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BBF5AC
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BBE920
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_04BBF102
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_05632D68
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_05630070
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_05630CE0
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_05630007
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_05630CD2
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_05630694
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056AA158
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056AB950
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056AC420
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056AD348
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056A9B08
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056ABF80
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056A9258
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_056AEB00
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 0045336B appears 32 times
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 00406024 appears 124 times
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 00403FE0 appears 40 times
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 00403FBC appears 140 times
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 0040D8B8 appears 42 times
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 00453F3C appears 36 times
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 00405D28 appears 32 times
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: String function: 004035F8 appears 44 times
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: String function: 00406024 appears 62 times
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: String function: 00403FBC appears 70 times
Source: New Order ISI-Group India.exe Static PE information: Resource name: RT_CURSOR type: DOS executable (COM)
Source: New Order ISI-Group India.exe Static PE information: Resource name: RT_CURSOR type: COM executable for DOS
Source: New Order ISI-Group India.exe Static PE information: Resource name: RT_CURSOR type: DOS executable (COM, 0x8C-variant)
Source: bXENt.exe.2.dr Static PE information: Resource name: RT_CURSOR type: DOS executable (COM)
Source: bXENt.exe.2.dr Static PE information: Resource name: RT_CURSOR type: COM executable for DOS
Source: bXENt.exe.2.dr Static PE information: Resource name: RT_CURSOR type: DOS executable (COM, 0x8C-variant)
Source: New Order ISI-Group India.exe Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: bXENt.exe.2.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: New Order ISI-Group India.exe, 00000000.00000002.771902845.00000000026EE000.00000040.00000001.sdmp Binary or memory string: OriginalFilenameRFxWAMXUZAXzYVEnvvFpsLXNDNMC.exe4 vs New Order ISI-Group India.exe
Source: New Order ISI-Group India.exe Binary or memory string: OriginalFilename vs New Order ISI-Group India.exe
Source: New Order ISI-Group India.exe, 00000002.00000002.1190874007.000000000098E000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameRFxWAMXUZAXzYVEnvvFpsLXNDNMC.exe4 vs New Order ISI-Group India.exe
Source: New Order ISI-Group India.exe, 00000002.00000002.1195627578.00000000056E0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamewshom.ocx vs New Order ISI-Group India.exe
Source: New Order ISI-Group India.exe, 00000002.00000002.1194920075.0000000005080000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs New Order ISI-Group India.exe
Source: New Order ISI-Group India.exe, 00000002.00000002.1192261160.0000000002560000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs New Order ISI-Group India.exe
Source: New Order ISI-Group India.exe, 00000002.00000002.1195743750.0000000005720000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamewshom.ocx.mui vs New Order ISI-Group India.exe
Source: 0.2.New Order ISI-Group India.exe.26a0000.3.unpack, qdf.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.New Order ISI-Group India.exe.26a0000.3.unpack, qdf.cs Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 2.2.New Order ISI-Group India.exe.9a0000.3.unpack, qdf.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.New Order ISI-Group India.exe.9a0000.3.unpack, qdf.cs Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 2.2.New Order ISI-Group India.exe.940000.2.unpack, qdf.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.New Order ISI-Group India.exe.940000.2.unpack, qdf.cs Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 2.2.New Order ISI-Group India.exe.400000.0.unpack, qdf.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.New Order ISI-Group India.exe.400000.0.unpack, qdf.cs Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@15/2@2/1
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0041DBB8 GetLastError,FormatMessageA
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 2_2_0222B1E6 AdjustTokenPrivileges
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 2_2_0222B1AF AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_0224B1E6 AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 9_2_0224B1AF AdjustTokenPrivileges
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0040845E GetDiskFreeSpaceA
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0045F373 VirtualAlloc,CreateToolhelp32Snapshot,Process32FirstW
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00416014 FreeResource
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File created: C:\Users\user\AppData\Roaming\bXENt
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4516:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2788:120:WilError_01
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\497ab1dd171eeef956401f1aeb0b9fec\mscorlib.ni.dll
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\497ab1dd171eeef956401f1aeb0b9fec\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: New Order ISI-Group India.exe Virustotal: Detection: 41%
Source: New Order ISI-Group India.exe ReversingLabs: Detection: 45%
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File read: C:\Users\user\Desktop\New Order ISI-Group India.exe
Source: unknown Process created: C:\Users\user\Desktop\New Order ISI-Group India.exe 'C:\Users\user\Desktop\New Order ISI-Group India.exe'
Source: unknown Process created: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe 'C:\Users\user\AppData\Roaming\bXENt\bXENt.exe'
Source: unknown Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Process created: C:\Users\user\Desktop\New Order ISI-Group India.exe 'C:\Users\user\Desktop\New Order ISI-Group India.exe'
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Process created: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe 'C:\Users\user\AppData\Roaming\bXENt\bXENt.exe'
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Data Obfuscation:

Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Unpacked PE file: 2.2.New Order ISI-Group India.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Unpacked PE file: 5.2.bXENt.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Unpacked PE file: 9.2.bXENt.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Unpacked PE file: 9.2.bXENt.exe.2160000.3.unpack
Detected unpacking (overwrites its own PE header)
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Unpacked PE file: 2.2.New Order ISI-Group India.exe.400000.0.unpack
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Unpacked PE file: 5.2.bXENt.exe.400000.0.unpack
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Unpacked PE file: 9.2.bXENt.exe.400000.0.unpack
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0043B0A4 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0043B6D4 push 0043B761h; ret 0_2_0043B759
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0043E0A4 push 0043E0D0h; ret 0_2_0043E0C8
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004660AC push 004660D2h; ret 0_2_004660CA
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0042816C push 004281AFh; ret 0_2_004281A7
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004281E4 push 00428210h; ret 0_2_00428208
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00426240 push 0042628Fh; ret 0_2_00426287
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0042A270 push 0042A29Ch; ret 0_2_0042A294
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004262E8 push 00426314h; ret 0_2_0042630C
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0045E2B4 push 0045E2E0h; ret 0_2_0045E2D8
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004262B0 push 004262DCh; ret 0_2_004262D4
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00424344 push 00424370h; ret 0_2_00424368
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00426358 push 00426384h; ret 0_2_0042637C
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00426320 push 0042634Ch; ret 0_2_00426344
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004263C8 push 004263F4h; ret 0_2_004263EC
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0042A3D8 push 0042A404h; ret 0_2_0042A3FC
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00424384 push 004243B0h; ret 0_2_004243A8
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00426390 push 004263BCh; ret 0_2_004263B4
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00426474 push 004264A0h; ret 0_2_00426498
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0043C404 push ecx; mov dword ptr [esp], edx 0_2_0043C408
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00426434 push 00426460h; ret 0_2_00426458
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004264AC push 004264D8h; ret 0_2_004264D0
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0041054E push 004105C6h; ret 0_2_004105BE
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00410550 push 004105C6h; ret 0_2_004105BE
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004105C8 push 00410670h; ret 0_2_00410668
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0041A5D6 push 0041A683h; ret 0_2_0041A67B
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0041A5D8 push 0041A683h; ret 0_2_0041A67B
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00410672 push 004107B0h; ret 0_2_004107A8
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00444620 push 0044468Bh; ret 0_2_00444683
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0041A688 push 0041A718h; ret 0_2_0041A710
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0043C6A4 push ecx; mov dword ptr [esp], edx 0_2_0043C6A8
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0041A71A push 0041AA08h; ret 0_2_0041AA00

Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File created: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe

Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bXENt

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe File opened: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe:Zone.Identifier read attributes | delete
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe File opened: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe:Zone.Identifier read attributes | delete
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0044E8C8 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_004362F4 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00436C18 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0044EFE8 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0044F098 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0044B8F0 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00435A40 IsIconic,GetCapture
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_00423DFC IsIconic,GetWindowPlacement,GetWindowRect
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_0044E8C8 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_004362F4 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_00436C18 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_0044EFE8 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_0044F098 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_0044B8F0 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_00435A40 IsIconic,GetCapture
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 4_2_00423DFC IsIconic,GetWindowPlacement,GetWindowRect
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_0044E8C8 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_004362F4 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_00436C18 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_0044EFE8 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_0044F098 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_0044B8F0 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_00435A40 IsIconic,GetCapture
Source: C:\Users\user\AppData\Roaming\bXENt\bXENt.exe Code function: 8_2_00423DFC IsIconic,GetWindowPlacement,GetWindowRect
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Code function: 0_2_0043B0A4 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode
Source: C:\Users\user\Desktop\New Order ISI-Group India.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\New Order ISI-Group India.exe