Analysis Report PURCHASE ORDER.com

Overview

General Information

Sample Name: PURCHASE ORDER.com (renamed file extension from com to exe)
Analysis ID: 385280
MD5: 9d71011e0ef3208145dd434e229ab0e2
SHA1: ecb4b62327a724ab00bd42bf98a51db3a3977079
SHA256: 8dccc7a8d24c010a59d807148c7a6779a7f2eac86868e1cf083235d0bcce3414
Tags: FormBook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected FormBook malware
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Steal Google chrome login data
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
PE file has a writeable .text section
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection:

Found malware configuration
Source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.hollandhousedesigns.design/vns/"], "decoy": ["sparkspressworld.com", "everydayresidency.com", "thebosscollectionn.com", "milkweedmagic.com", "worklesshours.com", "romeosfurnituremadera.com", "unclepetesproduce.com", "athleticamackay.com", "9nhl.com", "powellassetmanagement.com", "jxlamp.com", "onpointpetproducts.com", "buymysoft.com", "nazertrader.com", "goprj.com", "keeptalkservice.com", "aolei1688.com", "donstackl.com", "almasorchids.com", "pj5bwn.com", "featuredshop2020.com", "connectmheduaction.com", "kcastleint.com", "quintessentialmiss.com", "forenvid.com", "vetementsbd.com", "fabrizioamadori.net", "remaxplatinumva.com", "drivecart.net", "ordertds.com", "huayuanjiajiao.com", "islamiportal.com", "innergardenhealing.space", "wlwmwntor.com", "wiitendo.com", "ceschandigarh.com", "mitchellche.com", "levaporz.com", "eraophthalmica.com", "gnzywyht.com", "bobbinsbroider.com", "pollygen.com", "xn--kbrsotocheckup-5fcc.com", "theunprofessionalpodcast.com", "lendini.site", "digitalpardis.com", "meenaveen.com", "yihuafence.com", "mercadoaria.com", "domennyarendi44.net", "juandiegopalacio.com", "meltdownfitnesstulsa.com", "xn--laclnicadelvnculo-gvbi.com", "paripartners378.com", "valadecia.com", "womenring.com", "ocarlosresolve.com", "vedicherbsindia.com", "nonnearrapate.com", "viplending.net", "angelbeatsgamingclan.com", "rigmodisc.com", "page-id-78613.com", "yapadaihindi.com"]}
Multi AV Scanner detection for submitted file
Source: PURCHASE ORDER.exe Virustotal: Detection: 11%
Yara detected FormBook
Source: Yara match File source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: PURCHASE ORDER.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\en\INSTALL.txt
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\README.txt
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\en\FAQ.txt
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\en\README.txt
Source: PURCHASE ORDER.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000012.00000000.417250705.000000000ED20000.00000002.00000001.sdmp
Source: Binary string: wntdll.pdbUGP source: MySqlAssemblyConsole.exe, 00000002.00000002.432815804.0000000002E20000.00000040.00000001.sdmp, raserver.exe, 00000017.00000002.508514426.000000000467F000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.432815804.0000000002E20000.00000040.00000001.sdmp, raserver.exe
Source: Binary string: RAServer.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.431950003.0000000000828000.00000004.00000020.sdmp
Source: Binary string: X:\sborka\12217271353800656069\workdll\release\Lib1.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.434645004.000000006DE84000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000002.506646098.000000006E064000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000002.506218878.000000006E064000.00000002.00020000.sdmp
Source: Binary string: C:\output\ZPSTray\pl\vc\obj\x64\mysql_ssl_rsa_setup\AutoUpda.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.432391924.0000000000D34000.00000002.00020000.sdmp, raserver.exe, 00000017.00000002.507081713.00000000043B1000.00000004.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000000.474192177.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000000.494289920.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe.0.dr
Source: Binary string: RAServer.pdbGCTL source: MySqlAssemblyConsole.exe, 00000002.00000002.431950003.0000000000828000.00000004.00000020.sdmp
Source: Binary string: wscui.pdb source: explorer.exe, 00000012.00000000.417250705.000000000ED20000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_0040646B FindFirstFileA,FindClose, 0_2_0040646B
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_004027A1 FindFirstFileA, 0_2_004027A1
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004058BF

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 4x nop then pop esi 2_2_00BC72DB
Source: C:\Windows\SysWOW64\raserver.exe Code function: 4x nop then pop esi 23_2_027472CF

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49727 -> 66.235.200.146:80
Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49727 -> 66.235.200.146:80
Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49727 -> 66.235.200.146:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: www.hollandhousedesigns.design/vns/

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_0040535C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0040535C
Creates a DirectInput object (often for capturing keystrokes)
Source: MySqlAssemblyConsole.exe, 00000002.00000002.431919850.000000000081A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected FormBook
Source: Yara match File source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE

System Summary:

Detected FormBook malware
Source: C:\Windows\SysWOW64\raserver.exe Dropped file: C:\Users\user\AppData\Roaming\886N85Q4\886logri.ini
Source: C:\Windows\SysWOW64\raserver.exe Dropped file: C:\Users\user\AppData\Roaming\886N85Q4\886logrv.ini
Malicious sample detected (through community Yara rule)
Source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: PURCHASE ORDER.exe
PE file has a writeable .text section
Source: MySqlAssemblyConsole.exe.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Contains functionality to call native functions
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC9D50 NtCreateFile, 2_2_00BC9D50
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC9E80 NtClose, 2_2_00BC9E80
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC9E00 NtReadFile, 2_2_00BC9E00
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC9F30 NtAllocateVirtualMemory, 2_2_00BC9F30
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC9E7C NtClose, 2_2_00BC9E7C
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC9F2D NtAllocateVirtualMemory, 2_2_00BC9F2D
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9840 NtDelayExecution,LdrInitializeThunk, 23_2_045C9840
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9860 NtQuerySystemInformation,LdrInitializeThunk, 23_2_045C9860
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9540 NtReadFile,LdrInitializeThunk, 23_2_045C9540
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9560 NtWriteFile,LdrInitializeThunk, 23_2_045C9560
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9910 NtAdjustPrivilegesToken,LdrInitializeThunk, 23_2_045C9910
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C95D0 NtClose,LdrInitializeThunk, 23_2_045C95D0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C99A0 NtCreateSection,LdrInitializeThunk, 23_2_045C99A0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9650 NtQueryValueKey,LdrInitializeThunk, 23_2_045C9650
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9A50 NtCreateFile,LdrInitializeThunk, 23_2_045C9A50
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9660 NtAllocateVirtualMemory,LdrInitializeThunk, 23_2_045C9660
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9610 NtEnumerateValueKey,LdrInitializeThunk, 23_2_045C9610
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C96D0 NtCreateKey,LdrInitializeThunk, 23_2_045C96D0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C96E0 NtFreeVirtualMemory,LdrInitializeThunk, 23_2_045C96E0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9770 NtSetInformationFile,LdrInitializeThunk, 23_2_045C9770
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9710 NtQueryInformationToken,LdrInitializeThunk, 23_2_045C9710
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9B00 NtSetValueKey,LdrInitializeThunk, 23_2_045C9B00
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9FE0 NtCreateMutant,LdrInitializeThunk, 23_2_045C9FE0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9780 NtMapViewOfSection,LdrInitializeThunk, 23_2_045C9780
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045CB040 NtSuspendThread, 23_2_045CB040
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9820 NtEnumerateKey, 23_2_045C9820
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C98F0 NtReadVirtualMemory, 23_2_045C98F0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C98A0 NtWriteVirtualMemory, 23_2_045C98A0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9950 NtQueueApcThread, 23_2_045C9950
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045CAD30 NtSetContextThread, 23_2_045CAD30
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9520 NtWaitForSingleObject, 23_2_045C9520
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C99D0 NtCreateProcessEx, 23_2_045C99D0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C95F0 NtQueryInformationFile, 23_2_045C95F0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9670 NtQueryInformationProcess, 23_2_045C9670
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9A10 NtQuerySection, 23_2_045C9A10
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9A00 NtProtectVirtualMemory, 23_2_045C9A00
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9A20 NtResumeThread, 23_2_045C9A20
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9A80 NtOpenDirectoryObject, 23_2_045C9A80
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045CA770 NtOpenThread, 23_2_045CA770
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9760 NtOpenProcess, 23_2_045C9760
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045CA710 NtOpenProcessToken, 23_2_045CA710
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9730 NtQueryVirtualMemory, 23_2_045C9730
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045CA3B0 NtGetContextThread, 23_2_045CA3B0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C97A0 NtUnmapViewOfSection, 23_2_045C97A0
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02749E00 NtReadFile, 23_2_02749E00
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02749E80 NtClose, 23_2_02749E80
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02749F30 NtAllocateVirtualMemory, 23_2_02749F30
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02749D50 NtCreateFile, 23_2_02749D50
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02749E7C NtClose, 23_2_02749E7C
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02749F2D NtAllocateVirtualMemory, 23_2_02749F2D
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403348
Detected potential crypto function
Found potential string decryption / allocating functions
Source: C:\Windows\SysWOW64\raserver.exe Code function: String function: 0458B150 appears 35 times
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: String function: 00CA730F appears 49 times
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: String function: 6DFB9480 appears 63 times
PE file contains strange resources
Source: PURCHASE ORDER.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: MySqlAssemblyConsole.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: PURCHASE ORDER.exe, 00000000.00000002.239529402.0000000000730000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs PURCHASE ORDER.exe
Uses 32bit PE files
Source: PURCHASE ORDER.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Yara signature match
Source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/169@0/0
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403348
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_0040460D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_0040460D
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar, 0_2_0040216B
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4612:120:WilError_01
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Local\Temp\nsb9F7B.tmp
Source: PURCHASE ORDER.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MySqlAssemblyConsole.exe, 00000002.00000002.432391924.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000000.474192177.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000000.494289920.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: MySqlAssemblyConsole.exe, 00000002.00000002.432391924.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000000.474192177.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000000.494289920.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: MySqlAssemblyConsole.exe, 00000002.00000002.432391924.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000000.474192177.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000000.494289920.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe.0.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: PURCHASE ORDER.exe Virustotal: Detection: 11%
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File read: C:\Users\user\Desktop\PURCHASE ORDER.exe
Source: unknown Process created: C:\Users\user\Desktop\PURCHASE ORDER.exe 'C:\Users\user\Desktop\PURCHASE ORDER.exe'
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Process created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe
Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\raserver.exe C:\Windows\SysWOW64\raserver.exe
Source: C:\Windows\SysWOW64\raserver.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe 'C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe'
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe 'C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe'
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\raserver.exe File written: C:\Users\user\AppData\Roaming\886N85Q4\886logri.ini
Source: C:\Windows\SysWOW64\raserver.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: PURCHASE ORDER.exe Static file information: File size 3059224 > 1048576
Source: PURCHASE ORDER.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000012.00000000.417250705.000000000ED20000.00000002.00000001.sdmp
Source: Binary string: wntdll.pdbUGP source: MySqlAssemblyConsole.exe, 00000002.00000002.432815804.0000000002E20000.00000040.00000001.sdmp, raserver.exe, 00000017.00000002.508514426.000000000467F000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.432815804.0000000002E20000.00000040.00000001.sdmp, raserver.exe
Source: Binary string: RAServer.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.431950003.0000000000828000.00000004.00000020.sdmp
Source: Binary string: X:\sborka\12217271353800656069\workdll\release\Lib1.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.434645004.000000006DE84000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000002.506646098.000000006E064000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000002.506218878.000000006E064000.00000002.00020000.sdmp
Source: Binary string: C:\output\ZPSTray\pl\vc\obj\x64\mysql_ssl_rsa_setup\AutoUpda.pdb source: MySqlAssemblyConsole.exe, 00000002.00000002.432391924.0000000000D34000.00000002.00020000.sdmp, raserver.exe, 00000017.00000002.507081713.00000000043B1000.00000004.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000000.474192177.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000000.494289920.0000000000D34000.00000002.00020000.sdmp, MySqlAssemblyConsole.exe.0.dr
Source: Binary string: RAServer.pdbGCTL source: MySqlAssemblyConsole.exe, 00000002.00000002.431950003.0000000000828000.00000004.00000020.sdmp
Source: Binary string: wscui.pdb source: explorer.exe, 00000012.00000000.417250705.000000000ED20000.00000002.00000001.sdmp

Data Obfuscation:

Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00BB25EC LoadLibraryA,GetProcAddress,task,task,task, 27_2_00BB25EC
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC68DD push 00000061h; retf 2_2_00BC68DF
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC71EC push edx; iretd 2_2_00BC71ED
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC69D2 push eax; retf 2_2_00BC69D9
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC7AB9 push esp; iretd 2_2_00BC7AB2
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC7AED push esp; iretd 2_2_00BC7AB2
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC7A65 push esp; iretd 2_2_00BC7AB2
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC7A43 push esp; iretd 2_2_00BC7AB2
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BE4D8C push eax; retf 2_2_00BE4D8D
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC6510 push edx; retf FAF5h 2_2_00BC65AF
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BC7D42 push edx; ret 2_2_00BC7D44
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BCCEA5 push eax; ret 2_2_00BCCEF8
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BCCEFB push eax; ret 2_2_00BCCF62
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BCBE22 push edx; iretd 2_2_00BCBE29
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045DD0D1 push ecx; ret 23_2_045DD0E4
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02747A65 push esp; iretd 23_2_02747AB2
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02747A43 push esp; iretd 23_2_02747AB2
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_0274DA32 push esp; retf 23_2_0274DA34
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02747AED push esp; iretd 23_2_02747AB2
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02747AB9 push esp; iretd 23_2_02747AB2
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_0274DBA4 push es; ret 23_2_0274DBAA
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_027471EC push edx; iretd 23_2_027471ED
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_0274BE22 push edx; iretd 23_2_0274BE29
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_0274CEF2 push eax; ret 23_2_0274CEF8
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_0274CEFB push eax; ret 23_2_0274CF62
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_0274CEA5 push eax; ret 23_2_0274CEF8
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_0274CF5C push eax; ret 23_2_0274CF62
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_02747D42 push edx; ret 23_2_02747D44
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00BB4502 pushfd ; iretd 27_2_00BB4503
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00BB3AEC pushad ; ret 27_2_00BB3AED
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00D08BF9 push ecx; ret 27_2_00D08C0C

Persistence and Installation Behavior:

Drops PE files
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libffi-7.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libgmodule-2.0-0.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libimpl3.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libSDL_Pango-1.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libwinpthread-1.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\SDL_ttf.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libcairo-gobject-2.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libpangocairo-1.0-0.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libbrotlidec.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libdatrie-1.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\en\INSTALL.txt
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\README.txt
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\en\FAQ.txt
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File created: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\en\README.txt
Source: C:\Windows\SysWOW64\raserver.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SLHH9VSPLX

Hooking and other Techniques for Hiding and Protection:

Modifies the prolog of user mode functions (user mode inline hooks)
Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x89 0x9E 0xEE
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00BB58C0 wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress,wglGetProcAddress, 27_2_00BB58C0
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\raserver.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe RDTSC instruction interceptor: First address: 0000000000BB98E4 second address: 0000000000BB98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe RDTSC instruction interceptor: First address: 0000000000BB9B4E second address: 0000000000BB9B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\raserver.exe RDTSC instruction interceptor: First address: 00000000027398E4 second address: 00000000027398EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\raserver.exe RDTSC instruction interceptor: First address: 0000000002739B4E second address: 0000000002739B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BB9A80 rdtsc 2_2_00BB9A80
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libffi-7.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libgmodule-2.0-0.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libSDL_Pango-1.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libwinpthread-1.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\SDL_ttf.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libcairo-gobject-2.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libpangocairo-1.0-0.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libbrotlidec.dll
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\libdatrie-1.dll
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38910s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38801s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38691s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38582s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38473s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38363s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38254s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38145s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -38035s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37926s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37817s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37707s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37598s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37488s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37379s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37270s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37160s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -37051s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36941s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36832s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36723s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36613s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36504s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36394s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36285s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36176s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -36067s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35957s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35847s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35738s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35629s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35520s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35410s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35253s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35144s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -35035s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -34923s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -34781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -34675s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -34565s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -34215s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -34113s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -34004s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -33886s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -33442s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -33332s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -33190s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32859s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32689s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32582s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32473s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32364s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32254s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32145s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -32035s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31925s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31816s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31707s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31597s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31488s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31379s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31269s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31160s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -31051s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30941s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30832s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30723s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30613s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30504s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30395s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30285s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30176s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5448 Thread sleep time: -30066s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -65000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64885s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64776s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64662s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64510s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64400s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64291s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64182s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -64072s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63962s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63853s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63744s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63635s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63525s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63416s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63306s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63197s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -63088s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62979s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62869s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62760s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62651s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62541s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62431s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62322s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62213s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -62104s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61994s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61885s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61775s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61664s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61556s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61448s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61338s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61229s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61119s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -61010s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60901s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60791s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60682s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60572s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60463s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60353s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60244s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60135s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -60026s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59916s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59794s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59594s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59478s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59362s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59228s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59118s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -59010s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -58900s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -58504s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -58399s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -58290s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -57032s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56884s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56756s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56643s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56541s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56432s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56322s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56213s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -56104s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55994s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55885s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55775s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55666s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55557s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55448s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55337s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55229s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55119s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -55010s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54900s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54791s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54682s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54572s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54463s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54354s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54244s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54133s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -54021s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53916s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53807s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53697s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53588s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53479s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53369s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53260s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53151s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -53041s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -52932s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -52822s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -52713s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -52603s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -52494s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 5668 Thread sleep time: -52385s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -65000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64894s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64785s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64675s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64566s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64457s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64345s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64238s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64129s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe TID: 3556 Thread sleep time: -64019s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_0040646B FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_004027A1 FindFirstFileA
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 65000
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37817 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37707 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37598 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37488 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37379 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37270 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37160 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 37051 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36941 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36832 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36723 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36613 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36504 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36394 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36285 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36176 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 36067 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35957 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35847 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35738 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35629 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35520 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35410 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35253 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35144 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 35035 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 34923 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 34781 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 34675 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 34565 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 34215 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 34113 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 34004 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 33886 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 33442 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 33332 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 33190 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32859 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32689 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32582 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32473 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32364 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32254 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32145 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 32035 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31925 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31816 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31707 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31597 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31488 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31379 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31269 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31160 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 31051 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30941 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30832 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30723 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30613 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30504 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30395 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30285 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30176 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 30066 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 65000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64885 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64776 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64662 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64510 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64400 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64291 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64182 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64072 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63962 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63853 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63744 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63635 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63525 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63416 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63306 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63197 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63088 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62979 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62869 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62760 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62651 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62541 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62431 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62322 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62213 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62104 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61994 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61885 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61775 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61664 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61556 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61448 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61338 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61229 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61119 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61010 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60901 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60791 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60682 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60572 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60463 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60353 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60244 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60135 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 60026 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59916 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59794 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59594 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59478 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59362 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59228 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59118 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 59010 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 58900 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 58504 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 58399 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 58290 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 57032 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56884 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56756 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56643 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56541 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56432 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56322 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56213 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 56104 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55994 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55885 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55775 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55666 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55557 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55448 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55337 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55229 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55119 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 55010 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54900 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54791 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54682 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54572 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54463 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54354 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54244 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54133 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 54021 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53916 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53807 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53697 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53588 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53479 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53369 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53260 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53151 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 53041 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 52932 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 52822 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 52713 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 52603 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 52494 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 52385 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 65000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64894 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64785 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64675 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64566 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64457 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64345 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64238 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64129 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 64019 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63910 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63800 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63691 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63582 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63472 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63360 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63254 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63144 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 63035 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62926 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62816 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62707 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62597 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62488 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62379 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62269 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62160 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 62050 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61941 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61831 Jump to behavior
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread delayed: delay time: 61722 Jump to behavior
Source: explorer.exe, 00000012.00000000.412531453.000000000891C000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
Source: explorer.exe, 00000012.00000000.412664360.00000000089B5000.00000004.00000001.sdmp Binary or memory string: Prod_VMware_SATA?6
Source: explorer.exe, 00000012.00000002.509467416.0000000003710000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.411602569.0000000008270000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: explorer.exe, 00000012.00000000.392841431.00000000011B3000.00000004.00000020.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
Source: explorer.exe, 00000012.00000000.412664360.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
Source: explorer.exe, 00000012.00000000.411602569.0000000008270000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: explorer.exe, 00000012.00000002.515746081.00000000053D7000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
Source: explorer.exe, 00000012.00000000.411602569.0000000008270000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: explorer.exe, 00000012.00000000.412664360.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
Source: explorer.exe, 00000012.00000002.515884693.00000000054CA000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000012.00000000.411602569.0000000008270000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Process information queried: ProcessInformation

Anti Debugging:

Checks if the current process is being debugged
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\raserver.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00BB9A80 rdtsc 2_2_00BB9A80
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Windows\SysWOW64\raserver.exe Code function: 23_2_045C9840 NtDelayExecution,LdrInitializeThunk, 23_2_045C9840
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00CB7823 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00CB7823
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00BB25EC LoadLibraryA,GetProcAddress,task,task,task, 27_2_00BB25EC
Contains functionality to read the PEB
Enables debug privileges
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\raserver.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00CB7823 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00CB7823
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00CA813B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00CA813B
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00CB7823 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 27_2_00CB7823
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 27_2_00CA813B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 27_2_00CA813B
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 28_2_6E0467BD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 28_2_6E0467BD
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 28_2_6E0475D2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 28_2_6E0475D2
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 28_2_6E04CAF9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 28_2_6E04CAF9

HIPS / PFW / Operating System Protection Evasion:

Maps a DLL or memory area into another process
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Section loaded: unknown target: C:\Windows\SysWOW64\raserver.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\raserver.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\SysWOW64\raserver.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Modifies the context of a thread in another process (thread injection)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread register set: target process: 3472
Source: C:\Windows\SysWOW64\raserver.exe Thread register set: target process: 3472
Queues an APC in another process (thread injection)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Thread APC queued: target process: C:\Windows\explorer.exe
Sample uses process hollowing technique
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Section unmapped: C:\Windows\SysWOW64\raserver.exe base address: 100000
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\raserver.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
Source: explorer.exe, 00000012.00000002.504552070.0000000001640000.00000002.00000001.sdmp, raserver.exe, 00000017.00000002.505933519.0000000002E10000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000002.506006329.0000000001170000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000002.505673751.0000000000DE0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000012.00000002.504552070.0000000001640000.00000002.00000001.sdmp, raserver.exe, 00000017.00000002.505933519.0000000002E10000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000002.506006329.0000000001170000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000002.505673751.0000000000DE0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000012.00000002.504552070.0000000001640000.00000002.00000001.sdmp, raserver.exe, 00000017.00000002.505933519.0000000002E10000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000002.506006329.0000000001170000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000002.505673751.0000000000DE0000.00000002.00000001.sdmp Binary or memory string: SProgram Managerl
Source: explorer.exe, 00000012.00000000.392773721.0000000001128000.00000004.00000020.sdmp Binary or memory string: ProgmanOMEa
Source: explorer.exe, 00000012.00000002.504552070.0000000001640000.00000002.00000001.sdmp, raserver.exe, 00000017.00000002.505933519.0000000002E10000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000002.506006329.0000000001170000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000002.505673751.0000000000DE0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd,
Source: explorer.exe, 00000012.00000002.504552070.0000000001640000.00000002.00000001.sdmp, raserver.exe, 00000017.00000002.505933519.0000000002E10000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001B.00000002.506006329.0000000001170000.00000002.00000001.sdmp, MySqlAssemblyConsole.exe, 0000001C.00000002.505673751.0000000000DE0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 28_2_6E046FF1 cpuid 28_2_6E046FF1
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: GetLocaleInfoW, 28_2_6E051497
Source: C:\Users\user\AppData\Roaming\MySqlConsoleComponents\MySqlAssemblyConsole.exe Code function: 2_2_00CA8986 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 2_2_00CA8986
Source: C:\Users\user\Desktop\PURCHASE ORDER.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403348

Stealing of Sensitive Information:

Yara detected FormBook
Source: Yara match File source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\raserver.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Tries to steal Mail credentials (via file access)
Source: C:\Windows\SysWOW64\raserver.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality:

Yara detected FormBook
Source: Yara match File source: 00000002.00000002.431726955.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.431752828.0000000000600000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.503999453.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432758571.00000000027EC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.505688448.0000000002730000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.432137722.0000000000BB1000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 2.2.MySqlAssemblyConsole.exe.bb0000.2.unpack, type: UNPACKEDPE

Behavior Graph:

ID: 385280
Sample: PURCHASE ORDER.com
Startdate: 12/04/2021
Architecture: WINDOWS
Score: 100

Sample signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 7 other signatures

  • PURCHASE ORDER.exe (started)
    Dropped: C:\Users\user\...\MySqlAssemblyConsole.exe, PE32; C:\Users\user\AppData\...\libwinpthread-1.dll, PE32+; C:\Users\user\...\libpangocairo-1.0-0.dll, PE32+; 8 other files (none is malicious)
  • MySqlAssemblyConsole.exe (started by PURCHASE ORDER.exe)
    Signatures: Machine Learning detection for dropped file; Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; 3 other signatures
  • explorer.exe (injected by MySqlAssemblyConsole.exe)
  • raserver.exe (started by explorer.exe)
    Dropped: C:\Users\user\AppData\...\886logrv.ini, data; C:\Users\user\AppData\...\886logri.ini, data
    Signatures: Detected FormBook malware; Tries to steal Mail credentials (via file access); Tries to harvest and steal browser information (history, passwords, etc); 3 other signatures
  • MySqlAssemblyConsole.exe (started by explorer.exe, two instances)
  • cmd.exe (started by raserver.exe)
    Dropped: C:\Users\user\AppData\Local\Temp\DB1, SQLite
    Signatures: Tries to harvest and steal browser information (history, passwords, etc)
  • conhost.exe (started by cmd.exe)

No contacted IP infos

Contacted URLs

Name: www.hollandhousedesigns.design/vns/
Malicious: true
Antivirus Detection:
  • 5%, Virustotal
  • Avira URL Cloud: safe
Reputation: low