Analysis Report OqAo0yWyQf.exe

Overview

General Information

Sample Name: OqAo0yWyQf.exe
Analysis ID: 286547
MD5: 259bc090bc0869af4808e185c8c3996b
SHA1: 7586037d6edeb953d7be020c0d96b04db964fb5a
SHA256: 2d49a640dbde3258ef60f5e04b847b1cf9d446703f79e07e6c8fa2ca7a87548d
Tags: AgentTesla, exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Contains functionality to detect sleep reduction / modifications
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • OqAo0yWyQf.exe (PID: 6356 cmdline: 'C:\Users\user\Desktop\OqAo0yWyQf.exe' MD5: 259BC090BC0869AF4808E185C8C3996B)
    • OqAo0yWyQf.exe (PID: 6384 cmdline: 'C:\Users\user\Desktop\OqAo0yWyQf.exe' MD5: 259BC090BC0869AF4808E185C8C3996B)
  • arinze.exe (PID: 6540 cmdline: 'C:\Users\user\AppData\Local\Temp\arinze\arinze.exe' MD5: 259BC090BC0869AF4808E185C8C3996B)
    • arinze.exe (PID: 6800 cmdline: 'C:\Users\user\AppData\Local\Temp\arinze\arinze.exe' MD5: 259BC090BC0869AF4808E185C8C3996B)
  • arinze.exe (PID: 6980 cmdline: 'C:\Users\user\AppData\Local\Temp\arinze\arinze.exe' MD5: 259BC090BC0869AF4808E185C8C3996B)
    • arinze.exe (PID: 7008 cmdline: 'C:\Users\user\AppData\Local\Temp\arinze\arinze.exe' MD5: 259BC090BC0869AF4808E185C8C3996B)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "gdPLX0", "URL: ": "https://WeTJy30m3KNAA6.org", "To: ": "arinze@asustech.ml", "ByHost: ": "bh-58.webhostbox.net:587", "Password: ": "nR52M5As", "From: ": "arinzelog@asustech.ml"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000001.189890752.0000000000498000.00000040.00020000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000001.226733354.0000000000498000.00000040.00020000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000005.00000002.244925591.00000000029E5000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.252187048.0000000002D11000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.248858398.0000000002242000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.OqAo0yWyQf.exe.41b0000.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.2.arinze.exe.9a0000.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
2.2.arinze.exe.4340000.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.2.arinze.exe.2240000.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
4.2.arinze.exe.9a0000.1.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: arinze.exe.6800.4.memstr | Malware Configuration Extractor: Agenttesla {"Username: ": "gdPLX0", "URL: ": "https://WeTJy30m3KNAA6.org", "To: ": "arinze@asustech.ml", "ByHost: ": "bh-58.webhostbox.net:587", "Password: ": "nR52M5As", "From: ": "arinzelog@asustech.ml"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Virustotal: Detection: 29%
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Metadefender: Detection: 15%
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | ReversingLabs: Detection: 31%
Multi AV Scanner detection for submitted file
Source: OqAo0yWyQf.exe | Virustotal: Detection: 29%
Source: OqAo0yWyQf.exe | Metadefender: Detection: 15%
Source: OqAo0yWyQf.exe | ReversingLabs: Detection: 31%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: OqAo0yWyQf.exe | Joe Sandbox ML: detected
Source: 2.2.arinze.exe.42f0000.2.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.OqAo0yWyQf.exe.41b0000.2.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 4.2.arinze.exe.2240000.3.unpack | Avira: Label: TR/Spy.Gen8
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_00405C14 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 2_2_00405C14 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_00405C14 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn
Source: global traffic | TCP traffic: 192.168.2.5:49712 -> 199.79.63.24:587
Source: Joe Sandbox View | IP Address: 199.79.63.24
Source: unknown | DNS traffic detected: queries for: bh-58.webhostbox.net
Source: arinze.exe, arinze.exe, 00000004.00000001.226733354.0000000000498000.00000040.00020000.sdmp, arinze.exe, 00000005.00000002.244925591.00000000029E5000.00000040.00000001.sdmp | String found in binary or memory: http://127.0.0.1:
Source: arinze.exe, 00000004.00000002.251751644.0000000002B72000.00000004.00000001.sdmp | String found in binary or memory: https://WeTJy30m3KNAA6.org
Source: arinze.exe, arinze.exe, 00000004.00000001.226733354.0000000000498000.00000040.00020000.sdmp, arinze.exe, 00000005.00000002.244925591.00000000029E5000.00000040.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot%telegramapi%/
Source: OqAo0yWyQf.exe, arinze.exe | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/
Source: arinze.exe, arinze.exe, 00000005.00000002.244925591.00000000029E5000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: OqAo0yWyQf.exe, 00000000.00000002.193540687.0000000004275000.00000040.00000001.sdmp, OqAo0yWyQf.exe, 00000001.00000001.189890752.0000000000498000.00000040.00020000.sdmp, arinze.exe, 00000002.00000002.231782824.00000000043B5000.00000040.00000001.sdmp, arinze.exe, 00000004.00000001.226733354.0000000000498000.00000040.00020000.sdmp, arinze.exe, 00000005.00000002.244925591.00000000029E5000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/U
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_004225E4 GetObjectA,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_00430A94 GetKeyboardState
Source: arinze.exe, 00000002.00000002.227083255.00000000007CA000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_0044E1DC NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_00433944 NtdllDefWindowProc_A,GetCapture
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_0044E958 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_0044EA08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_00442DCC GetSubMenu,SaveDC,RestoreDC,7344B080,SaveDC,RestoreDC,NtdllDefWindowProc_A
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_0042906C NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 2_2_0044E1DC NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 2_2_00433944 NtdllDefWindowProc_A,GetCapture
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 2_2_0044E958 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 2_2_0044EA08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 2_2_00442DCC GetSubMenu,SaveDC,RestoreDC,7344B080,SaveDC,RestoreDC,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 2_2_0042906C NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 4_2_0046E159 NtCreateSection
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 4_2_022EB362 NtQuerySystemInformation
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 4_2_022EB331 NtQuerySystemInformation
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_0044E1DC NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_00433944 NtdllDefWindowProc_A,GetCapture
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_0044E958 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_0044EA08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_00442DCC GetSubMenu,SaveDC,RestoreDC,GetWindowDC,SaveDC,RestoreDC,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 5_2_0042906C NtdllDefWindowProc_A
Source: OqAo0yWyQf.exe | Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: OqAo0yWyQf.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: arinze.exe.1.dr | Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: arinze.exe.1.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: OqAo0yWyQf.exe, 00000000.00000002.191237476.0000000002250000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs OqAo0yWyQf.exe
Source: OqAo0yWyQf.exe, 00000000.00000002.193456288.0000000004262000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameBrGRwzpXHhzxRyrMPprjnKHYNU.exe4 vs OqAo0yWyQf.exe
Source: OqAo0yWyQf.exe | Binary or memory string: OriginalFilename vs OqAo0yWyQf.exe
Source: OqAo0yWyQf.exe, 00000001.00000001.189890752.0000000000498000.00000040.00020000.sdmp | Binary or memory string: OriginalFilenameBrGRwzpXHhzxRyrMPprjnKHYNU.exe4 vs OqAo0yWyQf.exe
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@9/2@3/2
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_00420B00 GetLastError,FormatMessageA
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 4_2_022EB1E6 AdjustTokenPrivileges
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Code function: 4_2_022EB1AF AdjustTokenPrivileges
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_00408B94 GetDiskFreeSpaceA
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Code function: 0_2_00413F78 FindResourceA
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | File created: C:\Users\user\AppData\Local\Temp\arinze
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: OqAo0yWyQf.exe | Virustotal: Detection: 29%
Source: OqAo0yWyQf.exe | Metadefender: Detection: 15%
Source: OqAo0yWyQf.exe | ReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | File read: C:\Users\user\Desktop\OqAo0yWyQf.exe
Source: unknown | Process created: C:\Users\user\Desktop\OqAo0yWyQf.exe 'C:\Users\user\Desktop\OqAo0yWyQf.exe'
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe 'C:\Users\user\AppData\Local\Temp\arinze\arinze.exe'
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Process created: C:\Users\user\Desktop\OqAo0yWyQf.exe 'C:\Users\user\Desktop\OqAo0yWyQf.exe'
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Process created: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe 'C:\Users\user\AppData\Local\Temp\arinze\arinze.exe'
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\Desktop\OqAo0yWyQf.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Data Obfuscation:

Detected unpacking (changes PE section rights)
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Unpacked PE file: 4.2.arinze.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Unpacked PE file: 4.2.arinze.exe.2240000.3.unpack
Detected unpacking (overwrites its own PE header)
Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe | Unpacked PE file: 4.2.arinze.exe.400000.0.unpack
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exeCode function: 0_2_00452708 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00452708
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe File created: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run arinze

                      Hooking and other Techniques for Hiding and Protection:

                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe File opened: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe:Zone.Identifier read attributes | delete
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_0044E264 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 0_2_0044E264
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_004361A4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 0_2_004361A4
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_0044E958 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, 0_2_0044E958
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_0044EA08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, 0_2_0044EA08
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_00435018 IsIconic,GetCapture, 0_2_00435018
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_0044B358 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 0_2_0044B358
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_004257A4 IsIconic,GetWindowPlacement,GetWindowRect, 0_2_004257A4
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Code function: 0_2_004358C0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 0_2_004358C0
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_0044E264 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 2_2_0044E264
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_004361A4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 2_2_004361A4
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_0044E958 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, 2_2_0044E958
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_0044EA08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, 2_2_0044EA08
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_00435018 IsIconic,GetCapture, 2_2_00435018
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_0044B358 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 2_2_0044B358
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_004257A4 IsIconic,GetWindowPlacement,GetWindowRect, 2_2_004257A4
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 2_2_004358C0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 2_2_004358C0
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_0044E264 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 5_2_0044E264
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_004361A4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 5_2_004361A4
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_0044E958 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, 5_2_0044E958
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_0044EA08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, 5_2_0044EA08
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_00435018 IsIconic,GetCapture, 5_2_00435018
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_0044B358 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 5_2_0044B358
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_004257A4 IsIconic,GetWindowPlacement,GetWindowRect, 5_2_004257A4
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Code function: 5_2_004358C0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 5_2_004358C0
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exeCode function: 0_2_00452708 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00452708
                      Source: C:\Users\user\Desktop\OqAo0yWyQf.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\arinze\arinze.exeProcess information set: NOOPENFILEERRORBOX