Loading ...

Play interactive tourEdit tour

Analysis Report RFQ_CONTACTOR-LG. SSMAC21642.exe

Overview

General Information

Sample Name:RFQ_CONTACTOR-LG. SSMAC21642.exe
Analysis ID:278352
MD5:6c2dd31fafeb289082e26903f97dfb99
SHA1:6ac970e04b3ca52056b3fbab45e211f136386a9b
SHA256:337c48bb28381345b02514cec70019ee58f9489bd8cff53bb911b7d34f56e4b3

Most interesting Screenshot:

Detection

AgentTesla GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Agent Tesla Trojan
Yara detected AgentTesla
Yara detected GuLoader
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to detect sleep reduction / modifications
Hides threads from debuggers
Machine Learning detection for sample
Maps a DLL or memory area into another process
May check the online IP address of the machine
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected VB6 Downloader Generic
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Credential Stealer
Yara signature match

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "", "URL: ": "", "To: ": "finance@enmark.com.my", "ByHost: ": "mail.enmark.com.my:587", "Password: ": " 9zVMSGx", "From: ": "finance@enmark.com.my"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.293409156.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoaderYara detected GuLoaderJoe Security
    00000010.00000002.463482125.0000000000459000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000010.00000002.465373327.0000000000960000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000003.00000002.298625439.000000001F7C9000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000003.00000002.298568324.000000001F772000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 15 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.960000.1.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              3.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.1f770000.4.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.960000.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.2200000.3.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.2160000.2.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 1 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Antivirus / Scanner detection for submitted sampleShow sources
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeAvira: detected
                      Found malware configurationShow sources
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe.6940.16.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "", "URL: ": "", "To: ": "finance@enmark.com.my", "ByHost: ": "mail.enmark.com.my:587", "Password: ": " 9zVMSGx", "From: ": "finance@enmark.com.my"}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeVirustotal: Detection: 47%Perma Link
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeReversingLabs: Detection: 29%
                      Machine Learning detection for sampleShow sources
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeJoe Sandbox ML: detected
                      Source: 16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.2160000.2.unpackAvira: Label: TR/Spy.Agent.lkofd
                      Source: 16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.2200000.3.unpackAvira: Label: TR/Spy.Agent.lkofd
                      Source: 16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.400000.0.unpackAvira: Label: TR/Spy.Agent.lkofd
                      Source: 3.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.1f770000.4.unpackAvira: Label: TR/Spy.Agent.lkofd
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004087DC FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_004087DC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004088DC FindFirstFileA,GetLastError,0_2_004088DC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00405394 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,0_2_00405394
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then push 00000000h0_2_004721DC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then push 00000000h0_2_004721DC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov esi, dword ptr [ebp-10h]0_2_00471E18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov dl, byte ptr [eax]0_2_00471E18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov ebx, dword ptr [ebp+ecx*4-0000041Ch]0_2_00471E18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then and edx, 000000FFh0_2_00471E18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov edx, dword ptr [ebp+esi*4-0000041Ch]0_2_00471E18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then inc eax0_2_00471E18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov esi, dword ptr [ebp-00000424h]0_2_00471E18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov edi, dword ptr [ebp+20h]1_2_01FD08EF
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov ecx, dword ptr [edi+00000808h]1_2_01FD08EF
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov ecx, dword ptr [edi+00000808h]1_2_01FD0BC1
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov ecx, dword ptr [edi+00000808h]3_2_00560BC1
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov edi, dword ptr [ebp+20h]3_2_005608EF
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 4x nop then mov ecx, dword ptr [edi+00000808h]3_2_005608EF

                      Networking:

                      barindex
                      May check the online IP address of the machineShow sources
                      Source: unknownDNS query: name: checkip.amazonaws.com
                      Source: unknownDNS query: name: checkip.amazonaws.com
                      Source: global trafficTCP traffic: 192.168.2.5:49732 -> 110.4.45.145:587
                      Source: Joe Sandbox ViewIP Address: 216.58.205.225 216.58.205.225
                      Source: Joe Sandbox ViewASN Name: EXABYTES-AS-APExaBytesNetworkSdnBhdMY EXABYTES-AS-APExaBytesNetworkSdnBhdMY
                      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: global trafficTCP traffic: 192.168.2.5:49732 -> 110.4.45.145:587
                      Source: unknownDNS traffic detected: queries for: doc-0c-3k-docs.googleusercontent.com
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471133230.00000000029E6000.00000004.00000001.sdmpString found in binary or memory: http://checkip.amazonaws.com
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.470386083.00000000028A0000.00000004.00000001.sdmpString found in binary or memory: http://checkip.amazonaws.com/
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471133230.00000000029E6000.00000004.00000001.sdmpString found in binary or memory: http://checkip.amazonaws.comx&lqL
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471184246.0000000002A06000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.464930364.0000000000812000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471184246.0000000002A06000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471184246.0000000002A06000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294061210.0000000000985000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294180812.00000000009B3000.00000004.00000001.sdmpString found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294180812.00000000009B3000.00000004.00000001.sdmpString found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.464930364.0000000000812000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.co
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471184246.0000000002A06000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294180812.00000000009B3000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr202
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294180812.00000000009B3000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1o1core0
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294180812.00000000009B3000.00000004.00000001.sdmpString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.470386083.00000000028A0000.00000004.00000001.sdmp, RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471051759.00000000029C0000.00000004.00000001.sdmp, RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471088361.00000000029D8000.00000004.00000001.sdmpString found in binary or memory: https://X2inUrSZGpvbunaG9E9a.org
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.470386083.00000000028A0000.00000004.00000001.sdmpString found in binary or memory: https://X2inUrSZGpvbunaG9E9a.org8
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.463865123.0000000000585000.00000004.00000020.sdmpString found in binary or memory: https://X2inUrSZGpvbunaG9E9a.orgrocServer32B2A6676
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293966548.000000000096A000.00000004.00000020.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293812566.0000000000957000.00000004.00000020.sdmpString found in binary or memory: https://doc-0c-3k-docs.googleusercontent.com/
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293966548.000000000096A000.00000004.00000020.sdmp, RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294061210.0000000000985000.00000004.00000020.sdmpString found in binary or memory: https://doc-0c-3k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/km1vc7d6
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294061210.0000000000985000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.c
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293718323.0000000000928000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293718323.0000000000928000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/#
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294061210.0000000000985000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293409156.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1H5J20cDnop7M6bMvKPeXGm49G-GMKovF
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293718323.0000000000928000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1H5J20cDnop7M6bMvKPeXGm49G-GMKovFKt
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.293718323.0000000000928000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1H5J20cDnop7M6bMvKPeXGm49G-GMKovFat
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.294180812.00000000009B3000.00000004.00000001.sdmpString found in binary or memory: https://pki.goog/repository/0
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.471184246.0000000002A06000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0042533C GetClipboardData,CopyEnhMetaFileA,GetEnhMetaFileHeader,0_2_0042533C
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00446450 GetKeyboardState,0_2_00446450

                      System Summary:

                      barindex
                      Malicious sample detected (through community Yara rule)Show sources
                      Source: 00000010.00000002.470386083.00000000028A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
                      Source: Process Memory Space: RFQ_CONTACTOR-LG. SSMAC21642.exe PID: 6940, type: MEMORYMatched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
                      Yara detected Agent Tesla TrojanShow sources
                      Source: Yara matchFile source: 00000010.00000002.470386083.00000000028A0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ_CONTACTOR-LG. SSMAC21642.exe PID: 6940, type: MEMORY
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004643B0 NtdllDefWindowProc_A,0_2_004643B0
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004493CC NtdllDefWindowProc_A,GetCapture,0_2_004493CC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0042E528 NtdllDefWindowProc_A,0_2_0042E528
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00464B58 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,0_2_00464B58
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00464C08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,0_2_00464C08
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004596D4 GetSubMenu,SaveDC,RestoreDC,7344B080,SaveDC,RestoreDC,NtdllDefWindowProc_A,0_2_004596D4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD2D90 NtResumeThread,1_2_01FD2D90
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD0F8C NtWriteVirtualMemory,1_2_01FD0F8C
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD2A10 NtProtectVirtualMemory,1_2_01FD2A10
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD2DCC NtResumeThread,1_2_01FD2DCC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD2D96 NtResumeThread,1_2_01FD2D96
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD1167 NtWriteVirtualMemory,1_2_01FD1167
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD0F5E NtWriteVirtualMemory,1_2_01FD0F5E
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_00561471 NtProtectVirtualMemory,3_2_00561471
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_00560D7C CreateThread,TerminateThread,NtProtectVirtualMemory,3_2_00560D7C
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_00562A10 NtProtectVirtualMemory,3_2_00562A10
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_00560DCE LdrInitializeThunk,RtlAddVectoredExceptionHandler,LdrInitializeThunk,NtProtectVirtualMemory,NtProtectVirtualMemory,3_2_00560DCE
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_005613FD Sleep,LdrInitializeThunk,NtProtectVirtualMemory,3_2_005613FD
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_00562D90 NtSetInformationThread,3_2_00562D90
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_0056146B NtProtectVirtualMemory,3_2_0056146B
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_0056032B NtProtectVirtualMemory,3_2_0056032B
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_00562DCC NtSetInformationThread,3_2_00562DCC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 3_2_00562D96 NtSetInformationThread,3_2_00562D96
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_00452159 NtCreateSection,16_2_00452159
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_05230476 NtQuerySystemInformation,16_2_05230476
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_05230445 NtQuerySystemInformation,16_2_05230445
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0045E8A80_2_0045E8A8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004596D40_2_004596D4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0040D9A80_2_0040D9A8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_004015DC1_2_004015DC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401E1B1_2_00401E1B
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401E601_2_00401E60
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401ECA1_2_00401ECA
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401ED11_2_00401ED1
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401ED41_2_00401ED4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401EDC1_2_00401EDC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401EE81_2_00401EE8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401EF01_2_00401EF0
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401EF91_2_00401EF9
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401EA61_2_00401EA6
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401F051_2_00401F05
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401F081_2_00401F08
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401F101_2_00401F10
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_00401F181_2_00401F18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_2_01FD15341_2_01FD1534
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_004015DC1_1_004015DC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401E1B1_1_00401E1B
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401E601_1_00401E60
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401ECA1_1_00401ECA
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401ED11_1_00401ED1
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401ED41_1_00401ED4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401EDC1_1_00401EDC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401EE81_1_00401EE8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401EF01_1_00401EF0
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401EF91_1_00401EF9
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401EA61_1_00401EA6
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401F051_1_00401F05
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401F081_1_00401F08
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401F101_1_00401F10
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 1_1_00401F181_1_00401F18
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_0044B97616_2_0044B976
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_0045113D16_2_0045113D
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBD33E16_2_04BBD33E
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBCA1F16_2_04BBCA1F
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBF93816_2_04BBF938
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBE92B16_2_04BBE92B
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBF92816_2_04BBF928
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBE89716_2_04BBE897
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBE20F16_2_04BBE20F
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBCF0216_2_04BBCF02
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_04BBF45916_2_04BBF459
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F205816_2_055F2058
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F261016_2_055F2610
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F10C816_2_055F10C8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F07F016_2_055F07F0
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F335C16_2_055F335C
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F2B4F16_2_055F2B4F
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F260016_2_055F2600
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F152F16_2_055F152F
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F142E16_2_055F142E
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F222416_2_055F2224
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F122016_2_055F1220
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F14FD16_2_055F14FD
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F13F816_2_055F13F8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F30F316_2_055F30F3
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F14E716_2_055F14E7
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F318A16_2_055F318A
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F118516_2_055F1185
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F078016_2_055F0780
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F10BE16_2_055F10BE
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F2CBE16_2_055F2CBE
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F13AF16_2_055F13AF
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_055F11A616_2_055F11A6
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: String function: 00404038 appears 74 times
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: String function: 004063D0 appears 61 times
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000000.00000002.200753905.0000000004210000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameThermolum.exe vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeBinary or memory string: OriginalFilename vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000001.00000002.237065598.00000000029A0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameThermolum.exeFE2XRibbon Turbino$ vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000001.00000001.199149558.0000000000400000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameThermolum.exe vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000001.00000002.236024597.0000000001FC0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.298273888.000000001EE80000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.298625439.000000001F7C9000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameIELibrary.dll4 vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.298625439.000000001F7C9000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameYLUNSZCIEWYCHRDUHOLIFUNMQVZGKYTSCPZZKDHF_20190607180258786.exe4 vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.298491117.000000001F490000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000003.00000002.298303427.000000001EFD0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeBinary or memory string: OriginalFilename vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.464154397.0000000000781000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.473064368.0000000005590000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameIELibrary.dll4 vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.463482125.0000000000459000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameYLUNSZCIEWYCHRDUHOLIFUNMQVZGKYTSCPZZKDHF_20190607180258786.exe4 vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.472109146.0000000004E40000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewbemdisp.tlbj% vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.473201749.0000000005610000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.472169212.0000000004E50000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.473171026.0000000005600000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exe, 00000010.00000002.473688651.0000000006110000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs RFQ_CONTACTOR-LG. SSMAC21642.exe
                      Source: 00000010.00000002.470386083.00000000028A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a, version = stealer
                      Source: Process Memory Space: RFQ_CONTACTOR-LG. SSMAC21642.exe PID: 6940, type: MEMORYMatched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a, version = stealer
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/0@3/3
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00421EE4 GetLastError,FormatMessageA,0_2_00421EE4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_052302FA AdjustTokenPrivileges,16_2_052302FA
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 16_2_052302C3 AdjustTokenPrivileges,16_2_052302C3
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00408B6E GetDiskFreeSpaceA,0_2_00408B6E
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0041760C FindResourceA,0_2_0041760C
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile created: C:\Users\user\AppData\Local\Temp\~DFA1453F39A61CD932.TMPJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeVirustotal: Detection: 47%
                      Source: RFQ_CONTACTOR-LG. SSMAC21642.exeReversingLabs: Detection: 29%
                      Source: unknownProcess created: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe 'C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe 'C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe 'C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe 'C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe'
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess created: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe 'C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess created: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe 'C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess created: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe 'C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                      Source: Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: RFQ_CONTACTOR-LG. SSMAC21642.exe

                      Data Obfuscation:

                      barindex
                      Detected unpacking (changes PE section rights)Show sources
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeUnpacked PE file: 1.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.data:W;.rsrc:R;
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeUnpacked PE file: 16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
                      Detected unpacking (creates a PE file in dynamic memory)Show sources
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeUnpacked PE file: 16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.2200000.3.unpack
                      Detected unpacking (overwrites its own PE header)Show sources
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeUnpacked PE file: 1.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.400000.0.unpack
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeUnpacked PE file: 16.2.RFQ_CONTACTOR-LG. SSMAC21642.exe.400000.0.unpack
                      Yara detected GuLoaderShow sources
                      Source: Yara matchFile source: 00000003.00000002.293409156.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ_CONTACTOR-LG. SSMAC21642.exe PID: 2224, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ_CONTACTOR-LG. SSMAC21642.exe PID: 2884, type: MEMORY
                      Yara detected VB6 Downloader GenericShow sources
                      Source: Yara matchFile source: Process Memory Space: RFQ_CONTACTOR-LG. SSMAC21642.exe PID: 2224, type: MEMORY
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004503CC SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode,0_2_004503CC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00450A18 push 00450AA5h; ret 0_2_00450A9D
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0040611C push 00406148h; ret 0_2_00406140
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004461F0 push ecx; mov dword ptr [esp], ecx0_2_004461F4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0045A188 push 0045A1F3h; ret 0_2_0045A1EB
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004061AC push 004061D8h; ret 0_2_004061D0
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0041426E push 004142E6h; ret 0_2_004142DE
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00414270 push 004142E6h; ret 0_2_004142DE
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004722D8 push 00472304h; ret 0_2_004722FC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004142E8 push 00414390h; ret 0_2_00414388
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00470378 push 004703C7h; ret 0_2_004703BF
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00472310 push 00472336h; ret 0_2_0047232E
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0047033C push 00470374h; ret 0_2_0047036C
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00414392 push 004144B0h; ret 0_2_004144A8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0042A458 push 0042A496h; ret 0_2_0042A48E
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0046A474 push 0046A4A0h; ret 0_2_0046A498
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0046A4D4 push 0046A500h; ret 0_2_0046A4F8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0042A4D8 push 0042A510h; ret 0_2_0042A508
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00414484 push 004144B0h; ret 0_2_004144A8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0042A4A0 push 0042A4CCh; ret 0_2_0042A4C4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004325C0 push 004325ECh; ret 0_2_004325E4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004285CC push 0042869Ch; ret 0_2_00428694
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004085DE push edx; ret 0_2_0040864F
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004665F0 push 0046664Ah; ret 0_2_00466642
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00432678 push 004326BBh; ret 0_2_004326B3
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00432610 push 00432653h; ret 0_2_0043264B
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0040E634 push 0040E660h; ret 0_2_0040E658
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004326DC push 00432728h; ret 0_2_00432720
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0041E68A push 0041E737h; ret 0_2_0041E72F
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0041E68C push 0041E737h; ret 0_2_0041E72F
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00432734 push 0043277Fh; ret 0_2_00432777
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0041E73C push 0041E7CCh; ret 0_2_0041E7C4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00464438 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,0_2_00464438
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0044AAF0 IsIconic,GetCapture,0_2_0044AAF0
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00464B58 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,0_2_00464B58
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00464C08 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,0_2_00464C08
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00428EE8 IsIconic,GetWindowPlacement,GetWindowRect,0_2_00428EE8
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0044B3A4 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,0_2_0044B3A4
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_00461460 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,0_2_00461460
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_0044BD00 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,0_2_0044BD00
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeCode function: 0_2_004503CC SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode,0_2_004503CC
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ_CONTACTOR-LG. SSMAC21642.exeP