Loading ...

Play interactive tourEdit tour

Analysis Report Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.com

Overview

General Information

Sample Name:Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.com (renamed file extension from com to exe)
Analysis ID:298555
MD5:7f3907d7884043235e851bf16e39f793
SHA1:ce461455d1e5890004be11b9e887091c3615d8fd
SHA256:61fe8a67e7f0bfc32b8493b1e7edaf71749e117f0cd247c6910231b7249e5105
Tags:comGuLoader

Most interesting Screenshot:

Detection

AgentTesla GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
.NET source code references suspicious native API functions
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Moves itself to temp directory
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected VB6 Downloader Generic
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "9dhXA3CnBE", "URL: ": "https://K40yqO7uWm8lL5ZGBl8.org", "To: ": "", "ByHost: ": "excellink.xyz:587", "Password: ": "ujw7c4coRN", "From: ": ""}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.497078142.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoaderYara detected GuLoaderJoe Security
    00000002.00000002.503459311.000000001E8A2000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000002.00000002.502387295.000000001E142000.00000020.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000002.00000002.503209125.000000001E7D8000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          Process Memory Space: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe PID: 4464JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 3 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.1e140000.3.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

              Sigma Overview

              No Sigma rule has matched

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Found malware configurationShow sources
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.4464.2.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "9dhXA3CnBE", "URL: ": "https://K40yqO7uWm8lL5ZGBl8.org", "To: ": "", "ByHost: ": "excellink.xyz:587", "Password: ": "ujw7c4coRN", "From: ": ""}
              Multi AV Scanner detection for submitted fileShow sources
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeReversingLabs: Detection: 16%
              Source: 0.2.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.400000.0.unpackAvira: Label: TR/Dropper.VB.Gen
              Source: 2.2.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.1e140000.3.unpackAvira: Label: TR/Spy.Gen8
              Source: 2.0.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.400000.0.unpackAvira: Label: TR/Dropper.VB.Gen
              Source: 0.0.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.400000.0.unpackAvira: Label: TR/Dropper.VB.Gen
              Source: global trafficTCP traffic: 192.168.2.7:49737 -> 198.54.125.197:587
              Source: Joe Sandbox ViewIP Address: 198.54.125.197 198.54.125.197
              Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
              Source: global trafficTCP traffic: 192.168.2.7:49737 -> 198.54.125.197:587
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_1E42A186 recv,2_2_1E42A186
              Source: unknownDNS traffic detected: queries for: onedrive.live.com
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.502387295.000000001E142000.00000020.00000001.sdmpString found in binary or memory: http://127.0.0.1:
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.503648027.000000001E9F4000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.505346336.0000000021071000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.505346336.0000000021071000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.c
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.503648027.000000001E9F4000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.505381699.000000002109A000.00000004.00000001.sdmpString found in binary or memory: http://crt.user
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.497295252.0000000000759000.00000004.00000020.sdmpString found in binary or memory: http://go.microsoft.
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.497295252.0000000000759000.00000004.00000020.sdmpString found in binary or memory: http://go.microsoft.LinkId=42127
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.503648027.000000001E9F4000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.505346336.0000000021071000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.503648027.000000001E9F4000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo.com0
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.503459311.000000001E8A2000.00000004.00000001.sdmpString found in binary or memory: https://K40yqO7uWm8lL5ZGBl8.org
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.502387295.000000001E142000.00000020.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeString found in binary or memory: https://onedrive.live.com/download?cid=16ACDE72EF8A9E0D&resid=16ACDE72EF8A9E0D%21118&authkey=AIK3xSk
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.503648027.000000001E9F4000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.502387295.000000001E142000.00000020.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.502387295.000000001E142000.00000020.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/U
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00562EEE NtQueryInformationProcess,2_2_00562EEE
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_0056016B EnumWindows,NtSetInformationThread,2_2_0056016B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00562B97 NtProtectVirtualMemory,2_2_00562B97
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00560FDB NtSetInformationThread,2_2_00560FDB
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_1E42AD42 NtQuerySystemInformation,2_2_1E42AD42
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_1E42AD20 NtQuerySystemInformation,2_2_1E42AD20
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00115A302_2_00115A30
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001112582_2_00111258
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001148582_2_00114858
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001106402_2_00110640
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001100702_2_00110070
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001126782_2_00112678
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001167012_2_00116701
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00114B602_2_00114B60
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001169902_2_00116990
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001179AC2_2_001179AC
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001175F02_2_001175F0
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00118FF82_2_00118FF8
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001106112_2_00110611
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001100122_2_00110012
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_0011920E2_2_0011920E
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001112482_2_00111248
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001148482_2_00114848
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001126682_2_00112668
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00110A6A2_2_00110A6A
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001164902_2_00116490
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001164802_2_00116480
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00112C832_2_00112C83
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001108AB2_2_001108AB
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001107182_2_00110718
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_0011070B2_2_0011070B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00111D302_2_00111D30
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_00111D212_2_00111D21
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001169822_2_00116982
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001191E32_2_001191E3
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001175E22_2_001175E2
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_001193EB2_2_001193EB
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_20AA001C2_2_20AA001C
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_20ABC0102_2_20ABC010
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_20ABAAF82_2_20ABAAF8
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_20ABA7B02_2_20ABA7B0
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_20ABA1912_2_20ABA191
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_20ABA1F02_2_20ABA1F0
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213181282_2_21318128
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_21315DA92_2_21315DA9
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131383C2_2_2131383C
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213164172_2_21316417
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213100702_2_21310070
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_21318AE22_2_21318AE2
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131F1282_2_2131F128
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213129022_2_21312902
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213111682_2_21311168
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213125452_2_21312545
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213121492_2_21312149
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213121A02_2_213121A0
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131259C2_2_2131259C
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131299E2_2_2131299E
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213125F32_2_213125F3
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213129F52_2_213129F5
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213121F72_2_213121F7
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213155D82_2_213155D8
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213119DD2_2_213119DD
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_21311C372_2_21311C37
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213100702_2_21310070
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131200B2_2_2131200B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213120562_2_21312056
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213124402_2_21312440
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213128482_2_21312848
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213128AB2_2_213128AB
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213120AA2_2_213120AA
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213124972_2_21312497
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213120FE2_2_213120FE
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213124EE2_2_213124EE
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_21311F272_2_21311F27
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_21311F722_2_21311F72
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213127432_2_21312743
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213123472_2_21312347
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131279A2_2_2131279A
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131239E2_2_2131239E
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213127F12_2_213127F1
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213123E92_2_213123E9
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131264A2_2_2131264A
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_21312A4C2_2_21312A4C
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_2131224E2_2_2131224E
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_213126952_2_21312695
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeStatic PE information: invalid certificate
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000000.00000002.250962457.000000000040C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamethunderbird.exe vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000000.00000002.251685760.00000000022B0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamethunderbird.exeFE2X vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.502187997.000000001DDB0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.505481173.0000000021270000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000000.250061340.000000000040C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamethunderbird.exe vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.502122085.000000001DC60000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.504779162.0000000020990000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewbemdisp.tlbj% vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.505041193.0000000020CC0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.496845173.0000000000060000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.502466338.000000001E1B2000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameEGCAKnDHJDUGDwsMzKRRr.exe4 vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.496862830.0000000000070000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeBinary or memory string: OriginalFilenamethunderbird.exe vs Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe
              Source: 2.2.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.1e140000.3.unpack, e3nXyWx54eXrMCJOPu/eAcKHQHop2SvdpjExo.csCryptographic APIs: 'CreateDecryptor'
              Source: 2.2.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.1e140000.3.unpack, e3nXyWx54eXrMCJOPu/eAcKHQHop2SvdpjExo.csCryptographic APIs: 'CreateDecryptor'
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@3/1
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_1E42A5B6 AdjustTokenPrivileges,2_2_1E42A5B6
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_1E42A57F AdjustTokenPrivileges,2_2_1E42A57F
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile created: C:\Users\user\AppData\Roaming\1vn112jj.aqwJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile created: C:\Users\user~1\AppData\Local\Temp\~DF1325AF4E2E88520C.TMPJump to behavior
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dllJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dllJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeReversingLabs: Detection: 16%
              Source: unknownProcess created: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe 'C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe'
              Source: unknownProcess created: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe 'C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe'
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess created: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe 'C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe' Jump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
              Source: Binary string: mscorrc.pdb source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe, 00000002.00000002.505481173.0000000021270000.00000002.00000001.sdmp

              Data Obfuscation:

              barindex
              Yara detected GuLoaderShow sources
              Source: Yara matchFile source: 00000002.00000002.497078142.0000000000560000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe PID: 4464, type: MEMORY
              Yara detected VB6 Downloader GenericShow sources
              Source: Yara matchFile source: Process Memory Space: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe PID: 4464, type: MEMORY
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C40 push 00401172h; ret 0_2_00407C53
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C54 push 00401172h; ret 0_2_00407C67
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C68 push 00401172h; ret 0_2_00407C7B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C7C push 00401172h; ret 0_2_00407C8F
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C04 push 00401172h; ret 0_2_00407C17
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C18 push 00401172h; ret 0_2_00407C2B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C2C push 00401172h; ret 0_2_00407C3F
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407CCC push 00401172h; ret 0_2_00407CDF
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407CE0 push 00401172h; ret 0_2_00407CF3
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407CF4 push 00401172h; ret 0_2_00407D07
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407C90 push 00401172h; ret 0_2_00407CA3
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407CA4 push 00401172h; ret 0_2_00407CB7
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407CB8 push 00401172h; ret 0_2_00407CCB
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407D44 push 00401172h; ret 0_2_00407D57
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407D58 push 00401172h; ret 0_2_00407D6B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407D6C push 00401172h; ret 0_2_00407D7F
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407D08 push 00401172h; ret 0_2_00407D1B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407D1C push 00401172h; ret 0_2_00407D2F
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407D30 push 00401172h; ret 0_2_00407D43
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407BD9 push 00401172h; ret 0_2_00407BEF
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_004051EB push ecx; ret 0_2_004051ED
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407BF0 push 00401172h; ret 0_2_00407C03
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00404FF3 push ebx; retf 0_2_00404FF5
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00406388 push edx; iretd 0_2_0040639B
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407D94 push 00401172h; ret 0_2_00407DA7
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00403DA3 push ds; retf 0_2_00403DA5
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407DA8 push 00401172h; ret 0_2_00407DBB
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 0_2_00407DBC push 00401172h; ret 0_2_00407DCF
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_0056004D push ds; ret 2_2_0056004E
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_1E422477 push ds; retf 3FD8h2_2_1E4224AC
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeCode function: 2_2_1E422477 push ds; iretd 2_2_1E4224E8
              Source: 2.2.Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exe.1e140000.3.unpack, e3nXyWx54eXrMCJOPu/eAcKHQHop2SvdpjExo.csHigh entropy of concatenated method names: '.cctor', 'C1cPOtYij1Lai', 'eWaH61iq7', 'eLDx5Mj1j', 'eGN9hjVJU', 'eJNVII0RA', 'NvQ34uZt895nxEhi2FIr', 'ecKhHQop2', 'eSvjdpjEx', 'eo35nXyW5'
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile created: \modern electrical supplies trading & contracting company. (w.l.l) official memo.exeJump to behavior

              Hooking and other Techniques for Hiding and Protection:

              barindex
              Moves itself to temp directoryShow sources
              Source: c:\users\user\desktop\modern electrical supplies trading & contracting company. (w.l.l) official memo.exeFile moved: C:\Users\user\AppData\Local\Temp\tmpG814.tmpJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion:

              barindex
              Detected RDTSC dummy instruction sequence (likely for instruction hammering)Show sources
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeRDTSC instruction interceptor: First address: 0000000000632751 second address: 0000000000632751 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a call 00007FCAFC36BE28h 0x0000000f lfence 0x00000012 mov edx, dword ptr [7FFE0014h] 0x00000018 lfence 0x0000001b ret 0x0000001c sub edx, esi 0x0000001e ret 0x0000001f pop ecx 0x00000020 add edi, edx 0x00000022 dec ecx 0x00000023 cmp ecx, 00000000h 0x00000026 jne 00007FCAFC36BE07h 0x00000028 push ecx 0x00000029 jmp 00007FCAFC36BE2Ah 0x0000002b test ah, ch 0x0000002d call 00007FCAFC36BE3Ah 0x00000032 call 00007FCAFC36BE3Ah 0x00000037 lfence 0x0000003a mov edx, dword ptr [7FFE0014h] 0x00000040 lfence 0x00000043 ret 0x00000044 mov esi, edx 0x00000046 pushad 0x00000047 rdtsc
              Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
              Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
              Tries to detect Any.runShow sources
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
              Source: Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
              Tries to detect virtualization through RDTSC time measurementsShow sources
              Source: C:\Users\user\Desktop\Modern Electrical Supplies Trading & Contracting Company. (W.L.L) Official Memo.exeRDTSC instruction interceptor: First address: 0000000000632751 second address: 0000000000632751 instructions: