
Analysis Report URGENT TENDER#675320 (Covid19 kits).exe

Overview

General Information

Sample Name: URGENT TENDER#675320 (Covid19 kits).exe
MD5: bd2aeaab8f491a77f7c7ce59b027cf2c
SHA1: 2a790244357f24b6145a43d35a3644728250e2dc
SHA256: 5b37cc85fd190a6b4726ea57f2588b5a74acc2c51e2917363c226b73ac79118f

Most interesting Screenshot:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla
.NET source code contains potential unpacker
Drops PE files to the user root directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses netsh to modify the Windows network and firewall settings
AV process strings found (often used to terminate AV products)
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w10x64
  • URGENT TENDER#675320 (Covid19 kits).exe (PID: 2332 cmdline: 'C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe' MD5: BD2AEAAB8F491A77F7C7CE59B027CF2C)
    • URGENT TENDER#675320 (Covid19 kits).exe (PID: 2976 cmdline: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe MD5: BD2AEAAB8F491A77F7C7CE59B027CF2C)
      • netsh.exe (PID: 5220 cmdline: 'netsh' wlan show profile MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
        • conhost.exe (PID: 5228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • appdata.exe (PID: 2608 cmdline: 'C:\Users\user\appdata.exe' MD5: BD2AEAAB8F491A77F7C7CE59B027CF2C)
    • appdata.exe (PID: 4296 cmdline: C:\Users\user\appdata.exe MD5: BD2AEAAB8F491A77F7C7CE59B027CF2C)
  • appdata.exe (PID: 4628 cmdline: 'C:\Users\user\appdata.exe' MD5: BD2AEAAB8F491A77F7C7CE59B027CF2C)
    • appdata.exe (PID: 3076 cmdline: C:\Users\user\appdata.exe MD5: BD2AEAAB8F491A77F7C7CE59B027CF2C)
      • netsh.exe (PID: 5524 cmdline: 'netsh' wlan show profile MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
        • conhost.exe (PID: 5532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "UsILn", "URL: ": "http://SrAofBZL3yXOpaN2T.net", "To: ": "", "ByHost: ": "twire.icu:5878", "Password: ": "=0ArGw5r16Mq", "From: ": ""}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000002.839715792.00000000040B0000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000006.00000002.867342189.0000000002722000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.840711268.0000000004352000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.1191619422.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.785458367.0000000003C50000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
4.2.appdata.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
7.2.appdata.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
2.2.URGENT TENDER#675320 (Covid19 kits).exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Capture Wi-Fi password
Source: Process started, Author: Joe Security, Data: Command: 'netsh' wlan show profile, CommandLine: 'netsh' wlan show profile, CommandLine|base64offset|contains: V, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe, ParentImage: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe, ParentProcessId: 2976, ProcessCommandLine: 'netsh' wlan show profile, ProcessId: 5220

Signature Overview

AV Detection:

Found malware configuration
Source: appdata.exe.3076.7.memstr Malware Configuration Extractor: Agenttesla {"Username: ": "UsILn", "URL: ": "http://SrAofBZL3yXOpaN2T.net", "To: ": "", "ByHost: ": "twire.icu:5878", "Password: ": "=0ArGw5r16Mq", "From: ": ""}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\appdata.exe Virustotal: Detection: 75%
Source: C:\Users\user\appdata.exe Metadefender: Detection: 18%
Source: C:\Users\user\appdata.exe ReversingLabs: Detection: 83%
Multi AV Scanner detection for submitted file
Source: URGENT TENDER#675320 (Covid19 kits).exe Virustotal: Detection: 75%
Source: URGENT TENDER#675320 (Covid19 kits).exe Metadefender: Detection: 18%
Source: URGENT TENDER#675320 (Covid19 kits).exe ReversingLabs: Detection: 83%
Machine Learning detection for dropped file
Source: C:\Users\user\appdata.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: URGENT TENDER#675320 (Covid19 kits).exe Joe Sandbox ML: detected
Source: 4.2.appdata.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
Source: 7.2.appdata.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
Source: 2.2.URGENT TENDER#675320 (Covid19 kits).exe.400000.0.unpack Avira: Label: TR/Spy.Gen8

Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 4x nop then inc dword ptr [ebp-14h] 0_2_02AC9B60
Source: C:\Users\user\appdata.exe Code function: 4x nop then inc dword ptr [ebp-14h] 3_2_02F89B60

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.5:49752 -> 198.54.120.244:587
Source: Traffic Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.5:49755 -> 198.54.120.244:587
Source: global traffic TCP traffic: 192.168.2.5:49752 -> 198.54.120.244:587
Source: Joe Sandbox View ASN Name: unknown unknown
Source: unknown DNS traffic detected: queries for: cdn.onenote.net
Source: appdata.exe, 00000007.00000002.1195648014.0000000002C00000.00000004.00000001.sdmp String found in binary or memory: http://SrAofBZL3yXOpaN2T.net
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1195882919.0000000002B0A000.00000004.00000001.sdmp, appdata.exe, 00000007.00000002.1195648014.0000000002C00000.00000004.00000001.sdmp String found in binary or memory: http://twire.icu
Source: appdata.exe, appdata.exe, 00000007.00000000.864167255.0000000000622000.00000002.00020000.sdmp, URGENT TENDER#675320 (Covid19 kits).exe String found in binary or memory: https://www.pelock.com/api/aztec-decoder/v1

System Summary:

Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC6008
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC81C8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC6B73
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC8838
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC93E0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC7B80
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC81B8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC882B
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02ACD330
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02ACD340
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02ACBAE0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02ACBAD0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 0_2_02AC5FF9
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02732058
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02730950
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_027371C0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_027377F8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02734D41
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0273403D
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733086
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0273396D
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0273319A
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733E45
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02732EE4
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733ED5
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733E8D
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733F65
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733F1D
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733FF5
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02732FB5
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733FAD
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733CFB
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733D6D
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733D25
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733DFD
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_02733DB5
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05049410
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0504F768
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_050407E8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05048248
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05040C30
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05048E75
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05044808
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05043B40
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0504FAB0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05049400
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_050407D8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05048678
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_050486EC
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05048238
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05044C30
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05048A03
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05043A50
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0554E708
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05548906
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0554A100
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05547DC0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_055481F0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05547DB0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05546000
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0554A0F1
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05544B17
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_0554F7E8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05541B90
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05546BB8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05546BA9
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05548200
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05544A98
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05544A8B
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05ED9DB8
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05ED6160
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05EDB2A0
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05EDA540
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe Code function: 2_2_05EDB938
Source: C:\Users\user\appdata.exe Code function: 3_2_02F86008
Source: C:\Users\user\appdata.exe Code function: 3_2_02F881C8
Source: C:\Users\user\appdata.exe Code function: 3_2_02F86B72
Source: C:\Users\user\appdata.exe Code function: 3_2_02F88838
Source: C:\Users\user\appdata.exe Code function: 3_2_02F893E0
Source: C:\Users\user\appdata.exe Code function: 3_2_02F87B80
Source: C:\Users\user\appdata.exe Code function: 3_2_02F881B8
Source: C:\Users\user\appdata.exe Code function: 3_2_02F8882A
Source: C:\Users\user\appdata.exe Code function: 3_2_02F8D340
Source: C:\Users\user\appdata.exe Code function: 3_2_02F8D330
Source: C:\Users\user\appdata.exe Code function: 3_2_02F8BAE0
Source: C:\Users\user\appdata.exe Code function: 3_2_02F8BAD0
Source: C:\Users\user\appdata.exe Code function: 3_2_02F85FF9
Source: C:\Users\user\appdata.exe Code function: 4_2_027B0950
Source: C:\Users\user\appdata.exe Code function: 4_2_05109410
Source: C:\Users\user\appdata.exe Code function: 4_2_0510F768
Source: C:\Users\user\appdata.exe Code function: 4_2_051007E8
Source: C:\Users\user\appdata.exe Code function: 4_2_0510306F
Source: C:\Users\user\appdata.exe Code function: 4_2_05100C30
Source: C:\Users\user\appdata.exe Code function: 4_2_05108E75
Source: C:\Users\user\appdata.exe Code function: 4_2_05104808
Source: C:\Users\user\appdata.exe Code function: 4_2_05103B40
Source: C:\Users\user\appdata.exe Code function: 4_2_05104A9E
Source: C:\Users\user\appdata.exe Code function: 4_2_05109400
Source: C:\Users\user\appdata.exe Code function: 4_2_05108678
Source: C:\Users\user\appdata.exe Code function: 4_2_051086EC
Source: C:\Users\user\appdata.exe Code function: 4_2_05108238
Source: C:\Users\user\appdata.exe Code function: 4_2_05104C30
Source: C:\Users\user\appdata.exe Code function: 4_2_05108A03
Source: C:\Users\user\appdata.exe Code function: 4_2_05103A50
Source: C:\Users\user\appdata.exe Code function: 4_2_0510FAB0
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA2050
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA71A8
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA77E0
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA0950
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA4DE3
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA307E
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA4035
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3192
Source: C:\Users\user\appdata.exe Code function: 7_2_00EAF880
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3965
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3CE6
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3DF5
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3DAD
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3D65
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3D1D
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3ECD
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA2EDC
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3E85
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3E3D
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3FED
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA2FAD
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3FA5
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3F5D
Source: C:\Users\user\appdata.exe Code function: 7_2_00EA3F15
Source: C:\Users\user\appdata.exe Code function: 7_2_05299410
Source: C:\Users\user\appdata.exe Code function: 7_2_0529F768
Source: C:\Users\user\appdata.exe Code function: 7_2_052907E8
Source: C:\Users\user\appdata.exe Code function: 7_2_05290C30
Source: C:\Users\user\appdata.exe Code function: 7_2_05294808
Source: C:\Users\user\appdata.exe Code function: 7_2_05293B40
Source: C:\Users\user\appdata.exe Code function: 7_2_0529FAB0
Source: C:\Users\user\appdata.exe Code function: 7_2_05299400
Source: C:\Users\user\appdata.exe Code function: 7_2_052907D8
Source: C:\Users\user\appdata.exe Code function: 7_2_05298678
Source: C:\Users\user\appdata.exe Code function: 7_2_052986EC
Source: C:\Users\user\appdata.exe Code function: 7_2_0529D170
Source: C:\Users\user\appdata.exe Code function: 7_2_05298238
Source: C:\Users\user\appdata.exe Code function: 7_2_05290C21
Source: C:\Users\user\appdata.exe Code function: 7_2_05294C30
Source: C:\Users\user\appdata.exe Code function: 7_2_05298E75
Source: C:\Users\user\appdata.exe Code function: 7_2_05293B32
Source: C:\Users\user\appdata.exe Code function: 7_2_05298A03
Source: C:\Users\user\appdata.exe Code function: 7_2_06068668
Source: C:\Users\user\appdata.exe Code function: 7_2_060677B0
Source: C:\Users\user\appdata.exe Code function: 7_2_06063C18
Source: C:\Users\user\appdata.exe Code function: 7_2_060604C0
Source: C:\Users\user\appdata.exe Code function: 7_2_0606A560
Source: C:\Users\user\appdata.exe Code function: 7_2_0606C5F0
Source: C:\Users\user\appdata.exe Code function: 7_2_06068228
Source: C:\Users\user\appdata.exe Code function: 7_2_06064A98
Source: C:\Users\user\appdata.exe Code function: 7_2_0606EB68
Source: C:\Users\user\appdata.exe Code function: 7_2_06069390
Source: C:\Users\user\appdata.exe Code function: 7_2_06060908
Source: C:\Users\user\appdata.exe Code function: 7_2_060621C8
Source: C:\Users\user\appdata.exe Code function: 7_2_06068658
Source: C:\Users\user\appdata.exe Code function: 7_2_06069735
Source: C:\Users\user\appdata.exe Code function: 7_2_0606C776
Source: C:\Users\user\appdata.exe Code function: 7_2_060657C6
Source: C:\Users\user\appdata.exe Code function: 7_2_060657F3
Source: C:\Users\user\appdata.exe Code function: 7_2_06066C8C
Source: C:\Users\user\appdata.exe Code function: 7_2_0606A545
Source: C:\Users\user\appdata.exe Code function: 7_2_0606A54F
Source: C:\Users\user\appdata.exe Code function: 7_2_06068D6E
Source: C:\Users\user\appdata.exe Code function: 7_2_06068218
Source: C:\Users\user\appdata.exe Code function: 7_2_06064A8B
Source: C:\Users\user\appdata.exe Code function: 7_2_06064B17
Source: C:\Users\user\appdata.exe Code function: 7_2_0606EB66
Source: C:\Users\user\appdata.exe Code function: 7_2_06069380
Source: C:\Users\user\appdata.exe Code function: 7_2_06061B90
Source: C:\Users\user\appdata.exe Code function: 7_2_06066000
Source: C:\Users\user\appdata.exe Code function: 7_2_06067010
Source: C:\Users\user\appdata.exe Code function: 7_2_06067020
Source: C:\Users\user\appdata.exe Code function: 7_2_060608F9
Source: C:\Users\user\appdata.exe Code function: 7_2_062B9E70
Source: C:\Users\user\appdata.exe Code function: 7_2_062BCFA0
Source: C:\Users\user\appdata.exe Code function: 7_2_062BA880
Source: C:\Users\user\appdata.exe Code function: 7_2_062BBD68
Source: C:\Users\user\appdata.exe Code function: 7_2_062BB008
Source: C:\Users\user\appdata.exe Code function: 7_2_062BC400
Source: C:\Users\user\appdata.exe Code function: 7_2_062B0006
Source: C:\Users\user\appdata.exe Code function: 7_2_062B0040
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\appdata.exe 5B37CC85FD190A6B4726EA57F2588B5A74ACC2C51E2917363C226B73AC79118F
                  Source: URGENT TENDER#675320 (Covid19 kits).exeBinary or memory string: OriginalFilename vs URGENT TENDER#675320 (Covid19 kits).exe
                  Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.784090655.0000000002CE5000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLOL.dllH vs URGENT TENDER#675320 (Covid19 kits).exe
                  Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.784090655.0000000002CE5000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUnhook.dll. vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.783802814.0000000002C50000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameZImBOZX.dll< vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.785417616.0000000002FAF000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename26.dll4 vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.785417616.0000000002FAF000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameRcamjXoBSptTgrUZcBnJIX.exe4 vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.785458367.0000000003C50000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameMYDLLSTUBSHARED.dll4 vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000000.770228488.0000000000952000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameklash.exe, vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe | Binary or memory string: OriginalFilename vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1197740770.0000000004E40000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1191761360.000000000044C000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameRcamjXoBSptTgrUZcBnJIX.exe4 vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1199110036.0000000005D10000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1191879138.0000000000512000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameklash.exe, vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1192157260.0000000000938000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1199412813.0000000005D90000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe, 00000002.00000002.1199446314.0000000005DA0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe | Binary or memory string: OriginalFilenameklash.exe, vs URGENT TENDER#675320 (Covid19 kits).exe
Source: URGENT TENDER#675320 (Covid19 kits).exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: appdata.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: URGENT TENDER#675320 (Covid19 kits).exe, EaIk.cs | Cryptographic APIs: 'CreateDecryptor'
Source: URGENT TENDER#675320 (Covid19 kits).exe, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: URGENT TENDER#675320 (Covid19 kits).exe, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: appdata.exe.0.dr, EaIk.cs | Cryptographic APIs: 'CreateDecryptor'
Source: appdata.exe.0.dr, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: appdata.exe.0.dr, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, EaIk.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.0.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, EaIk.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.0.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, EaIk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@15/4@3/1
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | File created: C:\Users\user\appdata.exe
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5532:120:WilError_01
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5228:120:WilError_01
Source: URGENT TENDER#675320 (Covid19 kits).exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e7364da399b604ae01baff696551080\mscorlib.ni.dll (entry listed twice)
Source: C:\Users\user\appdata.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e7364da399b604ae01baff696551080\mscorlib.ni.dll (entry listed 4 times)
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\appdata.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor (entry listed twice)
Source: C:\Users\user\appdata.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | File read: C:\Windows\System32\drivers\etc\hosts (entry listed twice)
Source: C:\Users\user\appdata.exe | File read: C:\Windows\System32\drivers\etc\hosts (entry listed twice)
Source: URGENT TENDER#675320 (Covid19 kits).exe | Virustotal: Detection: 75%
Source: URGENT TENDER#675320 (Covid19 kits).exe | Metadefender: Detection: 18%
Source: URGENT TENDER#675320 (Covid19 kits).exe | ReversingLabs: Detection: 83%
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | File read: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe
Source: unknown | Process created: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe 'C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe'
Source: unknown | Process created: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe
Source: unknown | Process created: C:\Users\user\appdata.exe 'C:\Users\user\appdata.exe'
Source: unknown | Process created: C:\Users\user\appdata.exe C:\Users\user\appdata.exe
Source: unknown | Process created: C:\Users\user\appdata.exe 'C:\Users\user\appdata.exe'
Source: unknown | Process created: C:\Users\user\appdata.exe C:\Users\user\appdata.exe
Source: unknown | Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Process created: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\appdata.exe | Process created: C:\Users\user\appdata.exe C:\Users\user\appdata.exe (entry listed twice)
Source: C:\Users\user\appdata.exe | Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: URGENT TENDER#675320 (Covid19 kits).exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: URGENT TENDER#675320 (Covid19 kits).exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: Unhook.pdb | source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.784090655.0000000002CE5000.00000004.00000001.sdmp, appdata.exe, 00000003.00000002.838500094.0000000003144000.00000004.00000001.sdmp, appdata.exe, 00000006.00000002.867744024.00000000027A4000.00000004.00000001.sdmp
Source: Binary string: 26.pdb | source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.785417616.0000000002FAF000.00000004.00000001.sdmp, appdata.exe, 00000003.00000002.839665838.000000000340C000.00000004.00000001.sdmp, appdata.exe, 00000006.00000002.869294525.0000000002A80000.00000004.00000001.sdmp
Source: Binary string: LOL.pdb | source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.784090655.0000000002CE5000.00000004.00000001.sdmp, appdata.exe, 00000003.00000002.838310947.00000000030C2000.00000004.00000001.sdmp, appdata.exe, 00000006.00000002.867744024.00000000027A4000.00000004.00000001.sdmp
Source: Binary string: C:\Users\Raz\Documents\Visual Studio 2015\Projects\STUB214\ClassLibrary1\obj\Debug\ZImBOZX.pdbP-j- \-_CorDllMainmscoree.dll | source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.783802814.0000000002C50000.00000004.00000001.sdmp, appdata.exe, 00000003.00000002.838284860.00000000030B0000.00000004.00000001.sdmp, appdata.exe, 00000006.00000002.867290000.0000000002710000.00000004.00000001.sdmp
Source: Binary string: 26.pdbx | source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.785417616.0000000002FAF000.00000004.00000001.sdmp, appdata.exe, 00000003.00000002.839665838.000000000340C000.00000004.00000001.sdmp, appdata.exe, 00000006.00000002.869294525.0000000002A80000.00000004.00000001.sdmp
Source: Binary string: C:\Users\Raz\Documents\Visual Studio 2015\Projects\STUB214\ClassLibrary1\obj\Debug\ZImBOZX.pdb | source: URGENT TENDER#675320 (Covid19 kits).exe, 00000000.00000002.783802814.0000000002C50000.00000004.00000001.sdmp, appdata.exe, 00000003.00000002.838284860.00000000030B0000.00000004.00000001.sdmp, appdata.exe, 00000006.00000002.867290000.0000000002710000.00000004.00000001.sdmp

Data Obfuscation:

.NET source code contains potential unpacker
Source: URGENT TENDER#675320 (Covid19 kits).exe, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: appdata.exe.0.dr, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.URGENT TENDER#675320 (Covid19 kits).exe.950000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 2.2.URGENT TENDER#675320 (Covid19 kits).exe.510000.1.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 2.0.URGENT TENDER#675320 (Covid19 kits).exe.510000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.2.appdata.exe.da0000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 3.0.appdata.exe.da0000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.appdata.exe.5d0000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.2.appdata.exe.5d0000.1.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.0.appdata.exe.3d0000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.2.appdata.exe.3d0000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.appdata.exe.620000.0.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.2.appdata.exe.620000.1.unpack, ciBE.cs | .Net Code: NZBd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 0_2_00957515 push esi; ret 0_2_00957525
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 0_2_00956069 push 7D07029Dh; retf 0000h 0_2_0095606E
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_00517515 push esi; ret 2_2_00517525
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_00516069 push 7D07029Dh; retf 0000h 2_2_0051606E
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_0273CADB pushad ; retf 2_2_0273CADE
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_02733C8E pushfd ; iretd 2_2_02733C91
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_0273D597 push edi; retn 0000h 2_2_0273D599
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_0504C8FB push E801005Eh; retf 2_2_0504C901
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_0554294B push 8BAC4589h; retf 2_2_05542978
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Code function: 2_2_055405C8 push eax; retf 2_2_055405D6
Source: C:\Users\user\appdata.exe | Code function: 3_2_00DA7515 push esi; ret 3_2_00DA7525
Source: C:\Users\user\appdata.exe | Code function: 3_2_00DA6069 push 7D07029Dh; retf 0000h 3_2_00DA606E
Source: C:\Users\user\appdata.exe | Code function: 4_2_005D7515 push esi; ret 4_2_005D7525
Source: C:\Users\user\appdata.exe | Code function: 4_2_005D6069 push 7D07029Dh; retf 0000h 4_2_005D606E
Source: C:\Users\user\appdata.exe | Code function: 4_2_027B0402 push FFFFFFB8h; ret 4_2_027B0419
Source: C:\Users\user\appdata.exe | Code function: 6_2_003D6069 push 7D07029Dh; retf 0000h 6_2_003D606E
Source: C:\Users\user\appdata.exe | Code function: 6_2_003D7515 push esi; ret 6_2_003D7525
Source: C:\Users\user\appdata.exe | Code function: 7_2_00626069 push 7D07029Dh; retf 0000h 7_2_0062606E
Source: C:\Users\user\appdata.exe | Code function: 7_2_00627515 push esi; ret 7_2_00627525
Source: C:\Users\user\appdata.exe | Code function: 7_2_00EA4DBD push ebx; retf 001Dh 7_2_00EA4DBE
Source: C:\Users\user\appdata.exe | Code function: 7_2_0529C902 push E801005Eh; ret 7_2_0529C909
Source: C:\Users\user\appdata.exe | Code function: 7_2_0606DF51 push es; iretd 7_2_0606DF5C
Source: C:\Users\user\appdata.exe | Code function: 7_2_0606DF6E push es; iretd 7_2_0606DF5C
Source: C:\Users\user\appdata.exe | Code function: 7_2_0606AFB3 pushfd ; ret 7_2_0606AFB9
Source: C:\Users\user\appdata.exe | Code function: 7_2_06061B28 push es; ret 7_2_06061B5C
Source: C:\Users\user\appdata.exe | Code function: 7_2_062B4ECD push es; iretd 7_2_062B4F08
Source: C:\Users\user\appdata.exe | Code function: 7_2_062B575A push E904FA8Ah; retf 0005h 7_2_062B575F
Source: C:\Users\user\appdata.exe | Code function: 7_2_062B53C2 push 8BFFFFFFh; retf 7_2_062B53C8
Source: initial sample | Static PE information: section name: .text entropy: 7.80940184151 (entry listed twice)
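The three static findings above (CreateDecryptor/TransformFinalBlock in EaIk.cs, Assembly.Load(byte[]) in ciBE.cs, and a .text section at 7.81 bits/byte of entropy) together describe a .NET crypter stub: it decrypts an embedded blob with a symmetric cipher and loads the result reflectively, so the real payload never touches disk. The following Python script is an added example of that triage, not Joe Sandbox code and not code from the sample. It walks the PE section table by hand (no pefile dependency), scores each executable section's entropy, and looks for the reflective-loading and decryption strings; it runs against a constructed mini PE image, since the analysed sample is not embedded here. The 7.0 threshold and the indicator string list are assumptions.

```python
"""Static triage for a suspected .NET crypter: section entropy plus
reflective-loading indicators.  Added example; not sandbox code."""
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Strings a .NET crypter stub carries: the reflective loader
# (Assembly.Load(byte[])) and the symmetric-cipher calls that unwrap the
# embedded payload before it is loaded.  This indicator list is an assumption.
NET_UNPACKER_INDICATORS = (b"System.Reflection", b"CreateDecryptor", b"TransformFinalBlock")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Minimal PE section-table walk: [(name, raw_offset, raw_size, characteristics)]."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40              # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append((name, raw_ptr, raw_size, chars))
    return sections


def triage(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Flag executable sections with packer-grade entropy, writable code, and
    the .NET reflective-loading strings.  7.0 is an assumed cut-off; the
    report's .text scores 7.81."""
    findings = {"high_entropy_code": [], "writable_code": [], "indicators": []}
    for name, ptr, size, chars in parse_sections(pe):
        ent = shannon_entropy(pe[ptr:ptr + size])
        if chars & IMAGE_SCN_MEM_EXECUTE and ent >= entropy_threshold:
            findings["high_entropy_code"].append((name, round(ent, 2)))
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            findings["writable_code"].append(name)
    findings["indicators"] = [s.decode() for s in NET_UNPACKER_INDICATORS if s in pe]
    return findings


def build_sample_pe(text: bytes, characteristics: int = 0x60000020) -> bytes:
    """Constructed minimal PE32 with a single .text section (test input only,
    not the analysed sample).  0x60000020 = CODE | EXECUTE | READ, as reported."""
    e_lfanew, opt_size, raw_ptr = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text),
                       raw_ptr, 0, 0, 0, 0, characteristics)
    header = dos + b"PE\0\0" + coff + opt + sect
    return header.ljust(raw_ptr, b"\0") + text


# Constructed inputs: a "packed" body (every byte value equally often, so the
# section sits near 8 bits/byte) carrying the crypter strings, and a plain one.
PACKED_TEXT = bytes(range(256)) * 8 + b"\0".join(NET_UNPACKER_INDICATORS) + b"\0"
PLAIN_TEXT = b"\x90" * 200 + b"Hello, world\0" * 4

if __name__ == "__main__":
    for label, body in (("packed", PACKED_TEXT), ("plain", PLAIN_TEXT)):
        print(label, triage(build_sample_pe(body)))
```

Entropy alone is a weak signal (compressed resources and signed installers also score high); it is the combination with the reflective loader and decryptor references in the same binary that justifies the report's unpacker verdict.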

Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | File created: C:\Users\user\appdata.exe (entry listed twice)

Boot Survival:

Drops PE files to the user root directory
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | File created: C:\Users\user\appdata.exe
Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run appdata (entry listed twice)
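The process-creation entries earlier in this section (the stager and appdata.exe each launching a second copy of their own image, then spawning `netsh wlan show profile`) and the Run-key entry above form a detectable chain on any host with process and registry telemetry. The following Python is an added example of that detection logic, not Joe Sandbox code and not the Sigma rule the report summary refers to. The events are constructed in a Sysmon-like shape with made-up PIDs; the image paths mirror the report. Rule names, severities and the scoring weights are assumptions.

```python
"""Detection logic for the behaviour chain in this report, run over
constructed process/registry events.  Added example; not sandbox code."""
import re

# Paths as they appear in the report; PIDs below are invented.
STAGER = r"C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe"
DROPPED = r"C:\Users\user\appdata.exe"
NETSH = r"C:\Windows\SysWOW64\netsh.exe"

SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 10, "image": STAGER,
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": f'"{STAGER}"'},
    # The stager launches a second copy of its own image (the report's
    # "Process created: <stager> <stager>" entries).
    {"type": "process_create", "pid": 101, "ppid": 100, "image": STAGER,
     "parent_image": STAGER, "cmdline": STAGER},
    {"type": "process_create", "pid": 102, "ppid": 101, "image": NETSH,
     "parent_image": STAGER, "cmdline": "netsh wlan show profile"},
    {"type": "registry_set", "pid": 100, "image": STAGER,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "appdata", "data": DROPPED},
    # Benign control: an administrator listing interfaces from a console.
    {"type": "process_create", "pid": 200, "ppid": 20, "image": NETSH,
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "netsh interface show interface"},
]

# A PE sitting directly in a user's profile root, e.g. C:\Users\user\appdata.exe
USER_ROOT_EXE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rule_wlan_profile_dump(ev):
    """'netsh wlan show profile' lists saved Wi-Fi profiles; with key=clear the
    PSK is printed.  Higher severity when the parent runs from a user path."""
    if ev["type"] != "process_create" or basename(ev["image"]) != "netsh.exe":
        return None
    if {"wlan", "show", "profile"} <= set(ev["cmdline"].lower().split()):
        sev = "high" if ev["parent_image"].lower().startswith(r"c:\users\\"[:-1]) else "medium"
        return ("wlan_profile_dump", sev)
    return None


def rule_self_spawn(ev):
    """A process starting a second copy of its own image from a user-writable
    path: weak on its own (many installers do it), strong combined with the rest."""
    if ev["type"] != "process_create":
        return None
    image, parent = ev["image"].lower(), ev["parent_image"].lower()
    if image == parent and image.startswith("c:\\users\\"):
        return ("self_spawn_from_user_path", "medium")
    return None


def rule_run_key_user_root(ev):
    """HKCU Run value whose data is a PE in the user's profile root."""
    if ev["type"] != "registry_set" or not ev["key"].lower().endswith(r"\currentversion\run"):
        return None
    if USER_ROOT_EXE.match(ev["data"]):
        return ("run_key_points_to_user_root_exe", "high")
    return None


RULES = (rule_wlan_profile_dump, rule_self_spawn, rule_run_key_user_root)


def detect(events):
    hits = []
    for ev in events:
        for rule in RULES:
            result = rule(ev)
            if result:
                hits.append({"rule": result[0], "severity": result[1],
                             "pid": ev["pid"], "image": ev["image"]})
    return hits


def score_by_origin(events, hits):
    """Roll hits up to the root of each process chain so the stager, not netsh,
    carries the combined score."""
    parent = {ev["pid"]: ev["ppid"] for ev in events if ev["type"] == "process_create"}
    weights = {"medium": 1, "high": 3}
    totals = {}
    for hit in hits:
        pid = hit["pid"]
        while parent.get(pid) in parent:      # climb while the parent is a known process
            pid = parent[pid]
        totals[pid] = totals.get(pid, 0) + weights[hit["severity"]]
    return totals


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for h in found:
        print(h)
    print(score_by_origin(SAMPLE_EVENTS, found))
```

The roll-up is the part worth keeping: each rule on its own is noisy (an admin running netsh, an updater re-launching itself), but three medium-to-high hits landing on one root process that lives on the Desktop is the picture this report paints.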

Source: C:\Users\user\Desktop\URGENT TENDER#675320 (Covid19 kits).exe | Process information set: NOOPENFILEERRORBOX (entry listed 80 times)
Source: C:\Users\user\appdata.exe | Process information set: NOOPENFILEERRORBOX (entry listed 30 times)
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\appdata.exeProcess information set: NOOPENFILEERRORBOX