Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Request for Tender Quotation.exe

Overview

General Information

Sample name:Request for Tender Quotation.exe
Analysis ID:1516760
MD5:86d8eb475db8a7b47c95238a32176b8c
SHA1:0c002a06936084477f6a5e9ac61ce5273881f2db
SHA256:55dd90013201853f29bb56e9e832f1a6483da1d154e500b7d08c86335e7f037b
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • Request for Tender Quotation.exe (PID: 4512 cmdline: "C:\Users\user\Desktop\Request for Tender Quotation.exe" MD5: 86D8EB475DB8A7B47C95238A32176B8C)
    • powershell.exe (PID: 2448 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5780 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7504 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 5476 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • BtsoqoHwldFQNw.exe (PID: 7448 cmdline: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe MD5: 86D8EB475DB8A7B47C95238A32176B8C)
    • schtasks.exe (PID: 7660 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BtsoqoHwldFQNw.exe (PID: 7756 cmdline: "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe" MD5: 86D8EB475DB8A7B47C95238A32176B8C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["198.12.90.244:49780"], "Bot Id": "success", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.3422027027.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    00000000.00000002.2212400913.00000000043A2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      0000000A.00000002.3422027027.0000000000425000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000002.2212400913.00000000042D9000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.2212400913.00000000043ED000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.Request for Tender Quotation.exe.436e640.1.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              0.2.Request for Tender Quotation.exe.436e640.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                0.2.Request for Tender Quotation.exe.43b9860.3.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.Request for Tender Quotation.exe.43b9860.3.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Request for Tender Quotation.exe", ParentImage: C:\Users\user\Desktop\Request for Tender Quotation.exe, ParentProcessId: 4512, ParentProcessName: Request for Tender Quotation.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", ProcessId: 2448, ProcessName: powershell.exe
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Request for Tender Quotation.exe", ParentImage: C:\Users\user\Desktop\Request for Tender Quotation.exe, ParentProcessId: 4512, ParentProcessName: Request for Tender Quotation.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", ProcessId: 2448, ProcessName: powershell.exe
                    Sigma detected: Suspicious Add Scheduled Task Parent
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe, ParentImage: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe, ParentProcessId: 7448, ParentProcessName: BtsoqoHwldFQNw.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp", ProcessId: 7660, ProcessName: schtasks.exe
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Request for Tender Quotation.exe", ParentImage: C:\Users\user\Desktop\Request for Tender Quotation.exe, ParentProcessId: 4512, ParentProcessName: Request for Tender Quotation.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp", ProcessId: 5476, ProcessName: schtasks.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Request for Tender Quotation.exe", ParentImage: C:\Users\user\Desktop\Request for Tender Quotation.exe, ParentProcessId: 4512, ParentProcessName: Request for Tender Quotation.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe", ProcessId: 2448, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    barindex
                    Sigma detected: Scheduled temp file as task from temp location
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Request for Tender Quotation.exe", ParentImage: C:\Users\user\Desktop\Request for Tender Quotation.exe, ParentProcessId: 4512, ParentProcessName: Request for Tender Quotation.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp", ProcessId: 5476, ProcessName: schtasks.exe

                    Suricata Signatures

                    No Suricata rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: Request for Tender Quotation.exeAvira: detected
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeAvira: detection malicious, Label: HEUR/AGEN.1306777
                    Found malware configuration
                    Source: 0.2.Request for Tender Quotation.exe.43b9860.3.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["198.12.90.244:49780"], "Bot Id": "success", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeReversingLabs: Detection: 47%
                    Multi AV Scanner detection for submitted file
                    Source: Request for Tender Quotation.exeReversingLabs: Detection: 47%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: Request for Tender Quotation.exeJoe Sandbox ML: detected
                    Source: Request for Tender Quotation.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Request for Tender Quotation.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.0000000001594000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb0 source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001901000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.0000000001586000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\System.ServiceModel.pdbY source: BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.0000000001594000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 4x nop then jmp 0777BDEBh0_2_0777BEFD
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 4x nop then jmp 0763B053h11_2_0763B165

                    Networking

                    barindex
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 198.12.90.244:49780
                    Connects to many ports of the same IP (likely port scanning)
                    Source: global trafficTCP traffic: 198.12.90.244 ports 0,4,7,8,9,49780
                    Source: global trafficTCP traffic: 192.168.2.5:49732 -> 198.12.90.244:49780
                    Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: unknownTCP traffic detected without corresponding DNS query: 198.12.90.244
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2210989615.0000000003324000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000B.00000002.2291032391.0000000003054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000357C000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000352E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000034DF000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003668000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000361A000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000035CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Ent
                    Source: BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000035CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9LR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2212400913.00000000043A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 00000000.00000002.2212400913.00000000042D9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 00000000.00000002.2212400913.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3422027027.0000000000425000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip

                    System Summary

                    barindex
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: Request for Tender Quotation.exe
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_014342380_2_01434238
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_014372910_2_01437291
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_07771B000_2_07771B00
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_077729F00_2_077729F0
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_077756280_2_07775628
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_077756180_2_07775618
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_077775400_2_07777540
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_0777753F0_2_0777753F
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_077771080_2_07777108
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_077770F90_2_077770F9
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_07777EF00_2_07777EF0
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_07774A780_2_07774A78
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_07775A600_2_07775A60
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_077729E10_2_077729E1
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_0777D87C0_2_0777D87C
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 10_2_016FDC7410_2_016FDC74
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0147423811_2_01474238
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0147729111_2_01477291
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_054D0D5811_2_054D0D58
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_054D170811_2_054D1708
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_054D171811_2_054D1718
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_07631B0011_2_07631B00
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_076329F011_2_076329F0
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763562811_2_07635628
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763561811_2_07635618
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763754011_2_07637540
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763753F11_2_0763753F
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763710811_2_07637108
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_076370F911_2_076370F9
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_07637EF011_2_07637EF0
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_07635A6011_2_07635A60
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_07634A7811_2_07634A78
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_07635A5011_2_07635A50
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_076329E111_2_076329E1
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763C98411_2_0763C984
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763299011_2_07632990
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 15_2_0187DC7415_2_0187DC74
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 15_2_057CEE5815_2_057CEE58
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 15_2_057C885015_2_057C8850
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 15_2_057C004015_2_057C0040
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 15_2_057C001B15_2_057C001B
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 15_2_057C884015_2_057C8840
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2210989615.00000000032D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2212400913.00000000043A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exe, 00000000.00000000.2157410145.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamewEdG.exe4 vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2212400913.000000000457E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2212400913.000000000457E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2218178464.0000000008710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2212400913.00000000043ED000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2209099163.000000000144E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exeBinary or memory string: OriginalFilenamewEdG.exe4 vs Request for Tender Quotation.exe
                    Source: Request for Tender Quotation.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Request for Tender Quotation.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: BtsoqoHwldFQNw.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, daT0KqK7FojnsTUp9J.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, IfGbZh27ZJymHMFGHY.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, IfGbZh27ZJymHMFGHY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, IfGbZh27ZJymHMFGHY.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, IfGbZh27ZJymHMFGHY.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, IfGbZh27ZJymHMFGHY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, IfGbZh27ZJymHMFGHY.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, daT0KqK7FojnsTUp9J.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@21/15@0/1
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeFile created: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4112:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6200:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMutant created: \Sessions\1\BaseNamedObjects\xBissayiDEPUFvqGNBhP
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7228:120:WilError_03
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeFile created: C:\Users\user\AppData\Local\Temp\tmp8B7B.tmpJump to behavior
                    Source: Request for Tender Quotation.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Request for Tender Quotation.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeFile read: C:\Windows\win.iniJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Request for Tender Quotation.exeReversingLabs: Detection: 47%
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeFile read: C:\Users\user\Desktop\Request for Tender Quotation.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\Request for Tender Quotation.exe "C:\Users\user\Desktop\Request for Tender Quotation.exe"
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Users\user\Desktop\Request for Tender Quotation.exe "C:\Users\user\Desktop\Request for Tender Quotation.exe"
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Users\user\Desktop\Request for Tender Quotation.exe "C:\Users\user\Desktop\Request for Tender Quotation.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess created: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Users\user\Desktop\Request for Tender Quotation.exe "C:\Users\user\Desktop\Request for Tender Quotation.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Users\user\Desktop\Request for Tender Quotation.exe "C:\Users\user\Desktop\Request for Tender Quotation.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess created: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: dataexchange.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: d3d11.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: dcomp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: dataexchange.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: d3d11.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: dcomp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: msvcp140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: Request for Tender Quotation.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Request for Tender Quotation.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.0000000001594000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb0 source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001901000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.0000000001586000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\System.ServiceModel.pdbY source: BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.0000000001594000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.0000000001866000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 0.2.Request for Tender Quotation.exe.75f0000.4.raw.unpack, QBy45BY4uMbUQs88Qq.cs.Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, IfGbZh27ZJymHMFGHY.cs.Net Code: Urs7rFEYg5 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, IfGbZh27ZJymHMFGHY.cs.Net Code: Urs7rFEYg5 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Request for Tender Quotation.exe.3308ad4.0.raw.unpack, QBy45BY4uMbUQs88Qq.cs.Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
                    Source: 11.2.BtsoqoHwldFQNw.exe.3038ab0.0.raw.unpack, QBy45BY4uMbUQs88Qq.cs.Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeCode function: 0_2_0777A173 push eax; retf 0_2_0777A175
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_054D27E2 pushfd ; iretd 11_2_054D27F9
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_054D33C5 pushfd ; iretd 11_2_054D33CD
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_054DF8F0 pushfd ; ret 11_2_054DF8F9
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763A672 pushad ; retf 11_2_0763A679
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763A6B0 pushad ; retf 11_2_0763A679
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 11_2_0763AB22 pushad ; iretd 11_2_0763AB29
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeCode function: 15_2_057CD442 push eax; ret 15_2_057CD451
                    Source: Request for Tender Quotation.exeStatic PE information: section name: .text entropy: 7.82807161657414
                    Source: BtsoqoHwldFQNw.exe.0.drStatic PE information: section name: .text entropy: 7.82807161657414
                    Source: 0.2.Request for Tender Quotation.exe.75f0000.4.raw.unpack, kD0JNdgNBriBGn5egS.csHigh entropy of concatenated method names: 'ubU6vJppswKkZ', 'uvAmfDYbimWPg9rmyH6', 'XHYItoYHo1DoUvgeuNZ', 'tYVkNWYXlYIi7gDFfLn', 'TV4H82YzoL7kT86loIA', 'yoiEG7M3KqRFDlQAaqW', 'rU4RpWYS77WPQpUZwKR', 'vGvSIFYGEhSitdykOPg', 'TCSl6vMYjB5c5h75h4u'
                    Source: 0.2.Request for Tender Quotation.exe.75f0000.4.raw.unpack, QBy45BY4uMbUQs88Qq.csHigh entropy of concatenated method names: 'QByY45B4u', 'EbUNQs88Q', 'D8PguGCCm', 'gfwtorebq', 'rQ9oD0JNd', 'cBrXiBGn5', 'sgS08fT72', 'lmAQKmrG6', 'qn1mTNvNO', 'K084ZL4CG'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, tE10bASu1JFjvvmW07.csHigh entropy of concatenated method names: 'TAEeohkiwT', 's9HebPenZP', 'uR3erA8Zis', 'ivGeww5HFL', 'Yj2ecv7suk', 'dQeeUOh36l', 'GqQeOGEZGW', 'tSVeK8fb9f', 'Ow8evO324l', 'mIceJpOlwN'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, reNnnsaAMMvKYOoAIC.csHigh entropy of concatenated method names: 'udrEybuILZ', 'R9aEYj2O6L', 'AZBEuJxVgL', 'TciEefgkZb', 'zhAE2OTOPI', 'crbuHuXhfj', 'uFru1vnWCK', 'wuCuAvv2LP', 'HqduiDaWyG', 'QcMuxGdpn2'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, Lf9yOQvx6XQCc7oSXN.csHigh entropy of concatenated method names: 'QZdXwTd45C', 'GMIXUn25Nj', 'vHyXKhqGGm', 'k8TXvjCyHA', 'AdnXtlRaWd', 'tH2Xl46lZn', 'fEZXgDYBRk', 'NsxXGGtt88', 'saUXD8EdOM', 'mYlXRKcwN1'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, kgyWVXijm5N6NQYjHj.csHigh entropy of concatenated method names: 'hFOGB4d3DV', 'QjsGYsMOLL', 'GpnGXb4UYX', 'TE2GuEesXM', 'nLRGEqCNDP', 'NcmGeafMXb', 'FXUG2dfCn7', 'ahcGCMBBDB', 'deOGTPSb19', 'ND5GsSnqWV'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, TMCtjF01gufRCarAV7.csHigh entropy of concatenated method names: 'sAGtZC1WoE', 'MeqtqOSYvu', 'JPBt0knCwq', 'TMCt6nRWQR', 'LhothNvSWH', 'VWutLQ7l3n', 'C8ItMOEHJQ', 'Me4tkVfe45', 'AfVtPu0Y6G', 'h9ctnJafa1'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, AXcclwYQkkov6ttZMK.csHigh entropy of concatenated method names: 'Dispose', 'AHvQxG3Zcc', 'N0NFh4WLfx', 'QoFAAv9ELt', 'y2gQ9yWVXj', 'O5NQz6NQYj', 'ProcessDialogKey', 'UjVFVvHVqo', 'W3PFQB5JZp', 'oKBFFRYvSM'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, avHVqoxi3PB5JZpjKB.csHigh entropy of concatenated method names: 'KghGaZTqOX', 'k0LGhlwVMW', 'Yj3GLcXnJA', 'W6mGMJcJhc', 'iesG0Fcu59', 'kscGkOl8XZ', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, XdFeYY8gBs1yRrivQO.csHigh entropy of concatenated method names: 'ErjjKULt5g', 'BI8jvhqydC', 'ThQjaFnKtl', 'h0GjhDyxS2', 'grvjM5KcQd', 'uVDjkftUP7', 'X6ajnOgypn', 'U3gj3t5elQ', 'GYejZxDG4B', 'kCYjmKEZ7i'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, PFTbecQVRiVyeM7dFOA.csHigh entropy of concatenated method names: 'uv5Do4J4pE', 'jrhDbpUUAO', 'uUsDrj9xHc', 'ONiDwuffX1', 'uTQDcOwaPM', 'mUSDUqciP0', 'S6nDOG3jt9', 'LnADKCgSvy', 'jqaDv9f36b', 'jYuDJlIZt7'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, Ba3k1qJLNGTNSgT7fr.csHigh entropy of concatenated method names: 'RFbuchGLVV', 'USOuOlxQND', 'a5RXLu6ts4', 'A6qXMRcRDp', 'AxHXke8Gqn', 'P5uXPecCda', 'mKUXndjiPf', 'Q2vX3aP96m', 'yjsXSxapUK', 'xNlXZDhBWx'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, TACZNfPi4y4hMeDm41.csHigh entropy of concatenated method names: 'Q0CEIRqt8d', 'PWiEN5DoyY', 'AXtEH3mBWi', 'ToString', 'J0UE1fvRKE', 'wZjEABX1P5', 'QPXsJPSBcy4N2Qa1Ghb', 'SeeFyCSj32QvYWnFmt5', 'vo44KOSIdPlpr3tKdVy'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, nJTN3LhDNWlQs3fa4i.csHigh entropy of concatenated method names: 'kYWmVoSMhB0kgw10iso', 'KjXswkSHYKY07OdjEAQ', 'MN5EGnWPGL', 'iBnEDDM7nu', 'gnOERAEs6y', 'ywu1ZySKUxulkBAikCM', 'xoQNsbS79R2kscSTVOu', 'tyhUjASPXp3ddFExtqI'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, hFRLn4M4SXuLJoCxSr.csHigh entropy of concatenated method names: 'qFOEWhcL6y', 'KqOEotQ8KL', 'MHmErxm0QN', 'IugEwajFPs', 'aauEUEJ9Cy', 'ytKEOMIq7y', 'FGLEvLhkbc', 'bNyEJUMfYF', 'gVPNkASkURecUg5cEcL', 'qoV1nWS8BV0cXZOu9Xu'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, tsDgAnFortVxnjhMDD.csHigh entropy of concatenated method names: 'poYr0HZ7S', 'biNwMnZxX', 'hqSUgcXwq', 'fJiO9rTtH', 'GgWvA1Aj1', 'NuDJRYa2e', 'jrEXCTb64Q7WD8IYvl', 'k2YwwxJQ86c74kR0Og', 'KkkGjeChb', 'yaMRZC8CM'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, Bpr3QgNjOyLYLPaXT8.csHigh entropy of concatenated method names: 'JgogTTdHoB', 'oRVgsBAQJ3', 'ToString', 'MGvgBCn5WW', 'kkpgYyKbmF', 'W0VgXInwuB', 'QprguZOuY7', 'vIhgEesqpb', 'NktgePrDtL', 'WMwg2hAnQ3'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, sTsuRx7RqOKJmfu5Z4.csHigh entropy of concatenated method names: 'lC7QeaT0Kq', 'dFoQ2jnsTU', 'bx6QTXQCc7', 'xSXQsNUa3k', 'pT7QtfrGeN', 'LnsQlAMMvK', 'uiUC392C7muJtDAlNf', 's9eCCSvwGgkEIDOZF4', 'OKrQQQJMeA', 'BUWQdJMXYt'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, kJy4dRnCIXPcsdwIV2.csHigh entropy of concatenated method names: 'FADeBD2W4q', 't0YeX6GOhQ', 'aaSeERKxAH', 'zmLE9KyMFJ', 'rNoEzNRiM1', 'QBmeVf3t21', 'vHieQRYbdN', 'KTaeFFOHpl', 'oY2edc5FMI', 'DZWe7uOHD3'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, iSIHUl1pH54JhDfeqs.csHigh entropy of concatenated method names: 'S7cgiSv1vI', 'XqNg9nxX89', 'lM7GVhyKmT', 'gGrGQwnl7Y', 'l7Ggm3lVOs', 'qT3gqxlx6B', 'idyg8dXft4', 'G1qg0SrtyX', 'rJ8g6GjmeC', 'hyTgIkdHAR'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, UOWwNrQdesGSW7miGjH.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CltR0IUIRy', 'oBiR61V1hA', 'kxPRIHDUgH', 'ggjRN9LEqk', 'lXoRHZbfk4', 'kDcR1t9n80', 'jmkRA8ynDF'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, daT0KqK7FojnsTUp9J.csHigh entropy of concatenated method names: 'P6JY0VlhxM', 'x0iY6KL3b8', 'EbkYIGQ9BC', 'oSqYNGZ9bS', 'kFxYHvQAin', 'taVY1Qk2Cu', 'SN2YAg0E9K', 'BruYi4cdKo', 'JCeYxtUiqw', 'VOLY9DsCsy'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, IfGbZh27ZJymHMFGHY.csHigh entropy of concatenated method names: 'NZidyMd1GY', 'UVFdBHAyDM', 'NNpdYqF4s9', 'tTrdXW8JIF', 'BnlduQl9qp', 'lusdEOwnaW', 'HOUde2wyju', 'JOTd2s07pk', 'laTdCBiBV3', 'WW7dTMbQM3'
                    Source: 0.2.Request for Tender Quotation.exe.8710000.5.raw.unpack, sYvSMm9fkS5lVWuTnW.csHigh entropy of concatenated method names: 'qbpDQq1CBY', 'ShuDdgrP7U', 'bh8D7nx9Bq', 'mbrDBKuvnH', 'IuMDYLl8gC', 'KunDun5bDy', 'scNDE2PJUF', 'bdyGAJACKW', 'lLoGisC8h2', 'DIpGxKwAeC'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, tE10bASu1JFjvvmW07.csHigh entropy of concatenated method names: 'TAEeohkiwT', 's9HebPenZP', 'uR3erA8Zis', 'ivGeww5HFL', 'Yj2ecv7suk', 'dQeeUOh36l', 'GqQeOGEZGW', 'tSVeK8fb9f', 'Ow8evO324l', 'mIceJpOlwN'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, reNnnsaAMMvKYOoAIC.csHigh entropy of concatenated method names: 'udrEybuILZ', 'R9aEYj2O6L', 'AZBEuJxVgL', 'TciEefgkZb', 'zhAE2OTOPI', 'crbuHuXhfj', 'uFru1vnWCK', 'wuCuAvv2LP', 'HqduiDaWyG', 'QcMuxGdpn2'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, Lf9yOQvx6XQCc7oSXN.csHigh entropy of concatenated method names: 'QZdXwTd45C', 'GMIXUn25Nj', 'vHyXKhqGGm', 'k8TXvjCyHA', 'AdnXtlRaWd', 'tH2Xl46lZn', 'fEZXgDYBRk', 'NsxXGGtt88', 'saUXD8EdOM', 'mYlXRKcwN1'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, kgyWVXijm5N6NQYjHj.csHigh entropy of concatenated method names: 'hFOGB4d3DV', 'QjsGYsMOLL', 'GpnGXb4UYX', 'TE2GuEesXM', 'nLRGEqCNDP', 'NcmGeafMXb', 'FXUG2dfCn7', 'ahcGCMBBDB', 'deOGTPSb19', 'ND5GsSnqWV'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, TMCtjF01gufRCarAV7.csHigh entropy of concatenated method names: 'sAGtZC1WoE', 'MeqtqOSYvu', 'JPBt0knCwq', 'TMCt6nRWQR', 'LhothNvSWH', 'VWutLQ7l3n', 'C8ItMOEHJQ', 'Me4tkVfe45', 'AfVtPu0Y6G', 'h9ctnJafa1'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, AXcclwYQkkov6ttZMK.csHigh entropy of concatenated method names: 'Dispose', 'AHvQxG3Zcc', 'N0NFh4WLfx', 'QoFAAv9ELt', 'y2gQ9yWVXj', 'O5NQz6NQYj', 'ProcessDialogKey', 'UjVFVvHVqo', 'W3PFQB5JZp', 'oKBFFRYvSM'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, avHVqoxi3PB5JZpjKB.csHigh entropy of concatenated method names: 'KghGaZTqOX', 'k0LGhlwVMW', 'Yj3GLcXnJA', 'W6mGMJcJhc', 'iesG0Fcu59', 'kscGkOl8XZ', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, XdFeYY8gBs1yRrivQO.csHigh entropy of concatenated method names: 'ErjjKULt5g', 'BI8jvhqydC', 'ThQjaFnKtl', 'h0GjhDyxS2', 'grvjM5KcQd', 'uVDjkftUP7', 'X6ajnOgypn', 'U3gj3t5elQ', 'GYejZxDG4B', 'kCYjmKEZ7i'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, PFTbecQVRiVyeM7dFOA.csHigh entropy of concatenated method names: 'uv5Do4J4pE', 'jrhDbpUUAO', 'uUsDrj9xHc', 'ONiDwuffX1', 'uTQDcOwaPM', 'mUSDUqciP0', 'S6nDOG3jt9', 'LnADKCgSvy', 'jqaDv9f36b', 'jYuDJlIZt7'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, Ba3k1qJLNGTNSgT7fr.csHigh entropy of concatenated method names: 'RFbuchGLVV', 'USOuOlxQND', 'a5RXLu6ts4', 'A6qXMRcRDp', 'AxHXke8Gqn', 'P5uXPecCda', 'mKUXndjiPf', 'Q2vX3aP96m', 'yjsXSxapUK', 'xNlXZDhBWx'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, TACZNfPi4y4hMeDm41.csHigh entropy of concatenated method names: 'Q0CEIRqt8d', 'PWiEN5DoyY', 'AXtEH3mBWi', 'ToString', 'J0UE1fvRKE', 'wZjEABX1P5', 'QPXsJPSBcy4N2Qa1Ghb', 'SeeFyCSj32QvYWnFmt5', 'vo44KOSIdPlpr3tKdVy'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, nJTN3LhDNWlQs3fa4i.csHigh entropy of concatenated method names: 'kYWmVoSMhB0kgw10iso', 'KjXswkSHYKY07OdjEAQ', 'MN5EGnWPGL', 'iBnEDDM7nu', 'gnOERAEs6y', 'ywu1ZySKUxulkBAikCM', 'xoQNsbS79R2kscSTVOu', 'tyhUjASPXp3ddFExtqI'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, hFRLn4M4SXuLJoCxSr.csHigh entropy of concatenated method names: 'qFOEWhcL6y', 'KqOEotQ8KL', 'MHmErxm0QN', 'IugEwajFPs', 'aauEUEJ9Cy', 'ytKEOMIq7y', 'FGLEvLhkbc', 'bNyEJUMfYF', 'gVPNkASkURecUg5cEcL', 'qoV1nWS8BV0cXZOu9Xu'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, tsDgAnFortVxnjhMDD.csHigh entropy of concatenated method names: 'poYr0HZ7S', 'biNwMnZxX', 'hqSUgcXwq', 'fJiO9rTtH', 'GgWvA1Aj1', 'NuDJRYa2e', 'jrEXCTb64Q7WD8IYvl', 'k2YwwxJQ86c74kR0Og', 'KkkGjeChb', 'yaMRZC8CM'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, Bpr3QgNjOyLYLPaXT8.csHigh entropy of concatenated method names: 'JgogTTdHoB', 'oRVgsBAQJ3', 'ToString', 'MGvgBCn5WW', 'kkpgYyKbmF', 'W0VgXInwuB', 'QprguZOuY7', 'vIhgEesqpb', 'NktgePrDtL', 'WMwg2hAnQ3'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, sTsuRx7RqOKJmfu5Z4.csHigh entropy of concatenated method names: 'lC7QeaT0Kq', 'dFoQ2jnsTU', 'bx6QTXQCc7', 'xSXQsNUa3k', 'pT7QtfrGeN', 'LnsQlAMMvK', 'uiUC392C7muJtDAlNf', 's9eCCSvwGgkEIDOZF4', 'OKrQQQJMeA', 'BUWQdJMXYt'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, kJy4dRnCIXPcsdwIV2.csHigh entropy of concatenated method names: 'FADeBD2W4q', 't0YeX6GOhQ', 'aaSeERKxAH', 'zmLE9KyMFJ', 'rNoEzNRiM1', 'QBmeVf3t21', 'vHieQRYbdN', 'KTaeFFOHpl', 'oY2edc5FMI', 'DZWe7uOHD3'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, iSIHUl1pH54JhDfeqs.csHigh entropy of concatenated method names: 'S7cgiSv1vI', 'XqNg9nxX89', 'lM7GVhyKmT', 'gGrGQwnl7Y', 'l7Ggm3lVOs', 'qT3gqxlx6B', 'idyg8dXft4', 'G1qg0SrtyX', 'rJ8g6GjmeC', 'hyTgIkdHAR'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, UOWwNrQdesGSW7miGjH.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CltR0IUIRy', 'oBiR61V1hA', 'kxPRIHDUgH', 'ggjRN9LEqk', 'lXoRHZbfk4', 'kDcR1t9n80', 'jmkRA8ynDF'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, daT0KqK7FojnsTUp9J.csHigh entropy of concatenated method names: 'P6JY0VlhxM', 'x0iY6KL3b8', 'EbkYIGQ9BC', 'oSqYNGZ9bS', 'kFxYHvQAin', 'taVY1Qk2Cu', 'SN2YAg0E9K', 'BruYi4cdKo', 'JCeYxtUiqw', 'VOLY9DsCsy'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, IfGbZh27ZJymHMFGHY.csHigh entropy of concatenated method names: 'NZidyMd1GY', 'UVFdBHAyDM', 'NNpdYqF4s9', 'tTrdXW8JIF', 'BnlduQl9qp', 'lusdEOwnaW', 'HOUde2wyju', 'JOTd2s07pk', 'laTdCBiBV3', 'WW7dTMbQM3'
                    Source: 0.2.Request for Tender Quotation.exe.45aab90.2.raw.unpack, sYvSMm9fkS5lVWuTnW.csHigh entropy of concatenated method names: 'qbpDQq1CBY', 'ShuDdgrP7U', 'bh8D7nx9Bq', 'mbrDBKuvnH', 'IuMDYLl8gC', 'KunDun5bDy', 'scNDE2PJUF', 'bdyGAJACKW', 'lLoGisC8h2', 'DIpGxKwAeC'
                    Source: 0.2.Request for Tender Quotation.exe.3308ad4.0.raw.unpack, kD0JNdgNBriBGn5egS.csHigh entropy of concatenated method names: 'ubU6vJppswKkZ', 'uvAmfDYbimWPg9rmyH6', 'XHYItoYHo1DoUvgeuNZ', 'tYVkNWYXlYIi7gDFfLn', 'TV4H82YzoL7kT86loIA', 'yoiEG7M3KqRFDlQAaqW', 'rU4RpWYS77WPQpUZwKR', 'vGvSIFYGEhSitdykOPg', 'TCSl6vMYjB5c5h75h4u'
                    Source: 0.2.Request for Tender Quotation.exe.3308ad4.0.raw.unpack, QBy45BY4uMbUQs88Qq.csHigh entropy of concatenated method names: 'QByY45B4u', 'EbUNQs88Q', 'D8PguGCCm', 'gfwtorebq', 'rQ9oD0JNd', 'cBrXiBGn5', 'sgS08fT72', 'lmAQKmrG6', 'qn1mTNvNO', 'K084ZL4CG'
                    Source: 11.2.BtsoqoHwldFQNw.exe.3038ab0.0.raw.unpack, kD0JNdgNBriBGn5egS.csHigh entropy of concatenated method names: 'ubU6vJppswKkZ', 'uvAmfDYbimWPg9rmyH6', 'XHYItoYHo1DoUvgeuNZ', 'tYVkNWYXlYIi7gDFfLn', 'TV4H82YzoL7kT86loIA', 'yoiEG7M3KqRFDlQAaqW', 'rU4RpWYS77WPQpUZwKR', 'vGvSIFYGEhSitdykOPg', 'TCSl6vMYjB5c5h75h4u'
                    Source: 11.2.BtsoqoHwldFQNw.exe.3038ab0.0.raw.unpack, QBy45BY4uMbUQs88Qq.csHigh entropy of concatenated method names: 'QByY45B4u', 'EbUNQs88Q', 'D8PguGCCm', 'gfwtorebq', 'rQ9oD0JNd', 'cBrXiBGn5', 'sgS08fT72', 'lmAQKmrG6', 'qn1mTNvNO', 'K084ZL4CG'
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeFile created: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp"

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: Request for Tender Quotation.exe PID: 4512, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: BtsoqoHwldFQNw.exe PID: 7448, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 13F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 32D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 88E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 98E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 9AB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: AAB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 16F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 34F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: 1750000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 1440000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 3000000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 2F00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 7D30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 8D30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 8EE0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 9EE0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 1870000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 3290000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory allocated: 31A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8071Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1450Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7543Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1981Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exe TID: 5852Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7360Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7396Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exe TID: 7376Thread sleep time: -75000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe TID: 7472Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe TID: 7760Thread sleep time: -75000s >= -30000s
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: Request for Tender Quotation.exe, 00000000.00000002.2212400913.000000000457E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 00000000.00000002.2218178464.0000000008710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: VRVRsHGFsR
                    Source: Request for Tender Quotation.exe, 0000000A.00000002.3424586120.00000000018CB000.00000004.00000020.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3422939745.00000000014E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe"
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeMemory written: C:\Users\user\Desktop\Request for Tender Quotation.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeMemory written: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Users\user\Desktop\Request for Tender Quotation.exe "C:\Users\user\Desktop\Request for Tender Quotation.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeProcess created: C:\Users\user\Desktop\Request for Tender Quotation.exe "C:\Users\user\Desktop\Request for Tender Quotation.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeProcess created: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Users\user\Desktop\Request for Tender Quotation.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Users\user\Desktop\Request for Tender Quotation.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Request for Tender Quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.436e640.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.436e640.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.43b9860.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.43b9860.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000A.00000002.3422027027.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2212400913.00000000043A2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.3422027027.0000000000425000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2212400913.00000000042D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2212400913.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Request for Tender Quotation.exe PID: 4512, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Request for Tender Quotation.exe PID: 7372, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.436e640.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.436e640.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.43b9860.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Tender Quotation.exe.43b9860.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000A.00000002.3422027027.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2212400913.00000000043A2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.3422027027.0000000000425000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2212400913.00000000042D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2212400913.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Request for Tender Quotation.exe PID: 4512, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Request for Tender Quotation.exe PID: 7372, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		111
                    Process Injection                    		1
                    Masquerading                    		OS Credential Dumping11
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    DLL Side-Loading                    		1
                    Scheduled Task/Job                    		11
                    Disable or Modify Tools                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		31
                    Virtualization/Sandbox Evasion                    		Security Account Manager31
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                    Obfuscated Files or Information                    		LSA Secrets1
                    File and Directory Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                    Software Packing                    		Cached Domain Credentials12
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1516760 Sample: Request for Tender Quotation.exe Startdate: 24/09/2024 Architecture: WINDOWS Score: 100 47 Found malware configuration 2->47 49 Antivirus / Scanner detection for submitted sample 2->49 51 Sigma detected: Scheduled temp file as task from temp location 2->51 53 12 other signatures 2->53 7 Request for Tender Quotation.exe 7 2->7         started        11 BtsoqoHwldFQNw.exe 5 2->11         started        process3 file4 37 C:\Users\user\AppData\...\BtsoqoHwldFQNw.exe, PE32 7->37 dropped 39 C:\...\BtsoqoHwldFQNw.exe:Zone.Identifier, ASCII 7->39 dropped 41 C:\Users\user\AppData\Local\...\tmp8B7B.tmp, XML 7->41 dropped 43 C:\...\Request for Tender Quotation.exe.log, ASCII 7->43 dropped 55 Adds a directory exclusion to Windows Defender 7->55 57 Injects a PE file into a foreign processes 7->57 13 powershell.exe 23 7->13         started        16 powershell.exe 23 7->16         started        18 Request for Tender Quotation.exe 2 7->18         started        25 2 other processes 7->25 59 Antivirus detection for dropped file 11->59 61 Multi AV Scanner detection for dropped file 11->61 63 Machine Learning detection for dropped file 11->63 21 schtasks.exe 11->21         started        23 BtsoqoHwldFQNw.exe 11->23         started        signatures5 process6 dnsIp7 65 Loading BitLocker PowerShell Module 13->65 27 conhost.exe 13->27         started        29 WmiPrvSE.exe 13->29         started        31 conhost.exe 16->31         started        45 198.12.90.244, 49732, 49733, 49735 AS-COLOCROSSINGUS United States 18->45 33 conhost.exe 21->33         started        35 conhost.exe 25->35         started        signatures8 process9

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Request for Tender Quotation.exe47%ReversingLabsWin32.Infostealer.LokiBot
                    Request for Tender Quotation.exe100%AviraHEUR/AGEN.1306777
                    Request for Tender Quotation.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe100%AviraHEUR/AGEN.1306777
                    C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe47%ReversingLabsWin32.Infostealer.LokiBot

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
                    http://tempuri.org/Entity/Id10Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id24LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id22LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id20LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id8Response0%Avira URL Cloudsafe
                    http://tempuri.org/0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id12Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id21Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id2Response0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://tempuri.org/Entity/Id50%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id40%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id80%Avira URL Cloudsafe
                    https://api.ip.sb/ip0%URL Reputationsafe
                    http://tempuri.org/Entity/Id17LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id90%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id70%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id19LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id23Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id9LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id60%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id19Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id15LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id13LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id11LR0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id7LR0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/fault0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id5LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id1LR0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id17Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id20Response0%Avira URL Cloudsafe
                    http://tempuri.org/Ent0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id15Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id4Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id13Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id3LR0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id7Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id6Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id23LR0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id21LR0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id200%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id9Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id22Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id11Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id210%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id220%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id240%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id230%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id24Response0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id1Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id10%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id8LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id18LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id14LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id16LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id30%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id20%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id6LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id18Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id12LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id4LR0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id10LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id3Response0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rmX0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id2LR0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id110%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id100%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id16Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id120%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id140%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id130%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id150%Avira URL Cloudsafe
                    198.12.90.244:497800%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id160%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id170%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id5Response0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id180%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id190%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id14Response0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/soap/actor/next0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    198.12.90.244:49780true
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://tempuri.org/Entity/Id10ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id24LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id8ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id22LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id20LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id12ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/soap/envelope/Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id2ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id21ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id9Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id8Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id19LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id5Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id23ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id4Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id17LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id7Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id6Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id15LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id9LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id19ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id13LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id7LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id11LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id17ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id1LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id5LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id20ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/EntBtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000357C000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000352E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000034DF000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003668000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000361A000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000035CB000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id3LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id15ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id13ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id4ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRequest for Tender Quotation.exe, 00000000.00000002.2210989615.0000000003324000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000B.00000002.2291032391.0000000003054000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id6ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://api.ip.sb/ipRequest for Tender Quotation.exe, 00000000.00000002.2212400913.00000000043A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 00000000.00000002.2212400913.00000000042D9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 00000000.00000002.2212400913.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3422027027.0000000000425000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id23LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id7ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id21LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id11ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id9ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id20Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id22ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id21Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id22Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id23Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id24Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id24ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id1ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id18LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id1Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id16LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id8LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id3Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id14LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id2Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id6LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id18ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000035CB000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id12LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressingRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id10LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id4LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id2LRRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000037A3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003892000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003843000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rmXRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id3ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id10Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id11Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id12Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id16ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id13Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id14Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id15Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id16Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id17Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id18Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id5ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id19Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003755000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000033F3000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003490000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003442000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.00000000036B7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/soap/actor/nextRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id14ResponseRequest for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003653000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AF2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000037DC000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000387A000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003B41000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000035FE000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000373F000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000039B5000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003917000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.000000000382B000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.00000000038C9000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003A55000.00000004.00000800.00020000.00000000.sdmp, Request for Tender Quotation.exe, 0000000A.00000002.3426922416.0000000003966000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.000000000339E000.00000004.00000800.00020000.00000000.sdmp, BtsoqoHwldFQNw.exe, 0000000F.00000002.3425316831.0000000003706000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    198.12.90.244
                    		unknownUnited States
                    		36352AS-COLOCROSSINGUStrue

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1516760
                    Start date and time:2024-09-24 15:21:10 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 19s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:18
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Request for Tender Quotation.exe
                    Detection:MAL
                    Classification:mal100.troj.evad.winEXE@21/15@0/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 80
                    • Number of non-executed functions: 10
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: Request for Tender Quotation.exe

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    09:22:13API Interceptor1x Sleep call for process: Request for Tender Quotation.exe modified
                    09:22:15API Interceptor56x Sleep call for process: powershell.exe modified
                    09:22:19API Interceptor1x Sleep call for process: BtsoqoHwldFQNw.exe modified
                    15:22:16Task SchedulerRun new task: BtsoqoHwldFQNw path: C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    198.12.90.244PO#2764.exeGet hashmaliciousRedLineBrowse
                      PO#4502968189 Packinglist for confirmation.exeGet hashmaliciousRedLineBrowse
                        PO#4502968189 Packinglist for confirmation.ex.exeGet hashmaliciousRedLineBrowse
                          PO#4502968189 Packinglist for confirmation.ex.exeGet hashmaliciousRedLineBrowse

                            Domains

                            No context

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            AS-COLOCROSSINGUS17271612591ab6f17ada184393f4f649df7ae1e0875e1ed7c7f90b08ae9f86559128c060fa548.dat-decoded.exeGet hashmaliciousRemcosBrowse
                            • 192.210.150.29
                            gwfe4fo1Sp.rtfGet hashmaliciousRemcos, PureLog StealerBrowse
                            • 107.172.148.248
                            zJvqmu3tWt.rtfGet hashmaliciousUnknownBrowse
                            • 192.3.223.30
                            osmAcHNA4D.exeGet hashmaliciousAsyncRAT, DcRat, Quasar, XWormBrowse
                            • 192.227.228.34
                            0n25lfPJxD.exeGet hashmaliciousAsyncRAT, DcRat, Quasar, XWormBrowse
                            • 192.227.228.34
                            PO#2764.exeGet hashmaliciousRedLineBrowse
                            • 198.12.90.244
                            SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.26162.10097.xlsxGet hashmaliciousUnknownBrowse
                            • 107.172.31.14
                            AMWbNfpQpb.rtfGet hashmaliciousUnknownBrowse
                            • 198.12.81.171
                            EORJy4JxW2.rtfGet hashmaliciousDBatLoader, RemcosBrowse
                            • 107.175.243.142
                            hxPB7yjyJu.rtfGet hashmaliciousUnknownBrowse
                            • 23.94.148.16

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BtsoqoHwldFQNw.exe.log

                            Download File
                            Process:C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1216
                            Entropy (8bit):5.34331486778365
                            Encrypted:false
                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Request for Tender Quotation.exe.log

                            Download File
                            Process:C:\Users\user\Desktop\Request for Tender Quotation.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1216
                            Entropy (8bit):5.34331486778365
                            Encrypted:false
                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                            Malicious:true
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):2232
                            Entropy (8bit):5.380747059108785
                            Encrypted:false
                            SSDEEP:48:lylWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugePu/ZPUyus:lGLHxvIIwLgZ2KRHWLOugYs
                            MD5:3AD8789204FA415704CCF5B3B656BBDD
                            SHA1:7FE555A0FC141DAC4D994A35E788D0893ECA7890
                            SHA-256:469F824997F70EF9F88D0D52BCFFC2EFCB07C561DB69FF4C65C0A7CBC7A432D1
                            SHA-512:172AE94A3822D34858B725EAB261082CBF977969A46D92A7275066D0DE8C8966BA39BA3171B2048D8A2E765CE8F7EE9594F96D6E0A97897583F3559F642257CA
                            Malicious:false
                            Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4wpe3p5c.nkd.ps1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_doq50bcq.qhe.psm1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_es335ijd.otl.psm1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ese31vn4.ytu.psm1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f5fysk5q.abc.psm1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gd0l4fbm.xdw.ps1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ryqcx2zw.ofm.ps1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_upurp5e5.r03.ps1

                            Download File
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp

                            Download File
                            Process:C:\Users\user\Desktop\Request for Tender Quotation.exe
                            File Type:XML 1.0 document, ASCII text
                            Category:dropped
                            Size (bytes):1587
                            Entropy (8bit):5.110162987586658
                            Encrypted:false
                            SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtTtxvn:cgergYrFdOFzOzN33ODOiDdKrsuTTzv
                            MD5:65F606455A2291D971EB1641948C5E58
                            SHA1:95FBFF5D10C13800EA3DDE8A1618C51A69CF32FB
                            SHA-256:471E4345C63E9158C50B1F9FD04BE0EEF48E03AC0573197448B33C193B93EB57
                            SHA-512:D4FAF74C333D440043C1D6E36527B7C571144E9A522BF838D4CAA953A685EF630C0096496E06E60C833298E212507C90A8D72061988855EDAF3148DFF074B776
                            Malicious:true
                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

                            C:\Users\user\AppData\Local\Temp\tmpA29D.tmp

                            Download File
                            Process:C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe
                            File Type:XML 1.0 document, ASCII text
                            Category:dropped
                            Size (bytes):1587
                            Entropy (8bit):5.110162987586658
                            Encrypted:false
                            SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtTtxvn:cgergYrFdOFzOzN33ODOiDdKrsuTTzv
                            MD5:65F606455A2291D971EB1641948C5E58
                            SHA1:95FBFF5D10C13800EA3DDE8A1618C51A69CF32FB
                            SHA-256:471E4345C63E9158C50B1F9FD04BE0EEF48E03AC0573197448B33C193B93EB57
                            SHA-512:D4FAF74C333D440043C1D6E36527B7C571144E9A522BF838D4CAA953A685EF630C0096496E06E60C833298E212507C90A8D72061988855EDAF3148DFF074B776
                            Malicious:false
                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

                            C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe

                            Download File
                            Process:C:\Users\user\Desktop\Request for Tender Quotation.exe
                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Category:dropped
                            Size (bytes):728576
                            Entropy (8bit):7.820465921545426
                            Encrypted:false
                            SSDEEP:12288:GO6DwczPDVhXm1CAJ/ln/I/p5Zzx49kPKMRXmz343r86oadZedvvWTFa8bQb:G1zr3XmTT/ap5vQoKbNQdkNvWTFpI
                            MD5:86D8EB475DB8A7B47C95238A32176B8C
                            SHA1:0C002A06936084477F6A5E9AC61CE5273881F2DB
                            SHA-256:55DD90013201853F29BB56E9E832F1A6483DA1D154E500B7D08C86335E7F037B
                            SHA-512:5099CB9DA2D045C5637543346EB8670F1913290B7EFA2CBB879FBEB912DBD5D5A97103590150256799A30098B7D802D8D02414296BF2BC9477B8B2600F7D3216
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 47%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.f..............0..............3... ...@....@.. ....................................@.................................03..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d3......H........g...p...............[...........................................0............{.....o.....+..*...0.............r...p.(....(.....+..*.0............{......o.......+..*....0...............(.....+..*..0..Q........(........}......}.....s....}.....s......+...(......o....%......-.....,..o......*.........(..E..........(......*.0..U.........r...po.........,.+?...L...%..".o.......{..........o........&..{..........o........*.........'..=.......0............{.........,.8.....{...

                            C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe:Zone.Identifier

                            Download File
                            Process:C:\Users\user\Desktop\Request for Tender Quotation.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):26
                            Entropy (8bit):3.95006375643621
                            Encrypted:false
                            SSDEEP:3:ggPYV:rPYV
                            MD5:187F488E27DB4AF347237FE461A079AD
                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                            Malicious:true
                            Preview:[ZoneTransfer]....ZoneId=0

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):7.820465921545426
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                            • Win32 Executable (generic) a (10002005/4) 49.78%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            • DOS Executable Generic (2002/1) 0.01%
                            File name:Request for Tender Quotation.exe
                            File size:728'576 bytes
                            MD5:86d8eb475db8a7b47c95238a32176b8c
                            SHA1:0c002a06936084477f6a5e9ac61ce5273881f2db
                            SHA256:55dd90013201853f29bb56e9e832f1a6483da1d154e500b7d08c86335e7f037b
                            SHA512:5099cb9da2d045c5637543346eb8670f1913290b7efa2cbb879fbeb912dbd5d5a97103590150256799a30098b7d802d8d02414296bf2bc9477b8b2600f7d3216
                            SSDEEP:12288:GO6DwczPDVhXm1CAJ/ln/I/p5Zzx49kPKMRXmz343r86oadZedvvWTFa8bQb:G1zr3XmTT/ap5vQoKbNQdkNvWTFpI
                            TLSH:64F412A1256DC902C0B54B7858B3E1F85B74AECCA903D3078FD9ADEFBC673425A41792
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.f..............0..............3... ...@....@.. ....................................@................................

                            File Icon

                            Icon Hash:00928e8e8686b000

                            Static PE Info

                            General

                            Entrypoint:0x4b3382
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0x66F227F7 [Tue Sep 24 02:46:15 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                            Entrypoint Preview

                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0xb33300x4f.text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xb40000x4cc.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xb60000xc.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x20000xb13880xb140074f2fcf6a2d7a0fbb9d38bf982d78264False0.9256834560119888data7.82807161657414IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc0xb40000x4cc0x600c882d3f6ed52347d2fcadf2c6edd964aFalse0.3795572916666667data3.745102025935666IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0xb60000xc0x200ae6b06a9593dccf37b722ea40f8e85b6False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_VERSION0xb40900x23cdata0.4825174825174825
                            RT_MANIFEST0xb42dc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                            Imports

                            DLLImport
                            mscoree.dll_CorExeMain

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Sep 24, 2024 15:22:22.304308891 CEST4973249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:22.309864998 CEST4978049732198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:22.309954882 CEST4973249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:22.327292919 CEST4973249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:22.332290888 CEST4978049732198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:23.717786074 CEST4978049732198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:23.717855930 CEST4973249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:23.740259886 CEST4973249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:24.375756025 CEST4973349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:24.380752087 CEST4978049733198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:24.380907059 CEST4973349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:24.388906002 CEST4973349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:24.393886089 CEST4978049733198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:25.781847954 CEST4978049733198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:25.783936977 CEST4973349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:25.879844904 CEST4973349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:28.776701927 CEST4973549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:28.781825066 CEST4978049735198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:28.781928062 CEST4973549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:28.782160044 CEST4973549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:28.787096024 CEST4978049735198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:30.208453894 CEST4978049735198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:30.208530903 CEST4973549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:30.208807945 CEST4973549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:30.901453972 CEST4973849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:30.906569958 CEST4978049738198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:30.906678915 CEST4973849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:30.906884909 CEST4973849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:30.911684990 CEST4978049738198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:32.331140041 CEST4978049738198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:32.331232071 CEST4973849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:32.331484079 CEST4973849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:35.211842060 CEST4974149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:35.216923952 CEST4978049741198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:35.217021942 CEST4974149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:35.217246056 CEST4974149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:35.222035885 CEST4978049741198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:36.644673109 CEST4978049741198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:36.644886971 CEST4974149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:36.645025969 CEST4974149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:37.336810112 CEST4974249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:37.341770887 CEST4978049742198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:37.341896057 CEST4974249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:37.343122005 CEST4974249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:37.348010063 CEST4978049742198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:38.769418955 CEST4978049742198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:38.769577026 CEST4974249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:38.769824982 CEST4974249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:41.649262905 CEST4974349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:41.654202938 CEST4978049743198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:41.654294968 CEST4974349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:41.654604912 CEST4974349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:41.659377098 CEST4978049743198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:43.062522888 CEST4978049743198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:43.062638998 CEST4974349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:43.062920094 CEST4974349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:43.774277925 CEST4974449780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:43.779402971 CEST4978049744198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:43.779515028 CEST4974449780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:43.779695988 CEST4974449780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:43.787285089 CEST4978049744198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:45.204855919 CEST4978049744198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:45.204993010 CEST4974449780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:45.205178976 CEST4974449780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:48.071331978 CEST4974549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:48.076387882 CEST4978049745198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:48.076517105 CEST4974549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:48.084264040 CEST4974549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:48.089131117 CEST4978049745198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:49.564167976 CEST4978049745198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:49.564259052 CEST4974549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:49.564557076 CEST4974549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:50.211924076 CEST4974849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:50.216865063 CEST4978049748198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:50.216973066 CEST4974849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:50.217230082 CEST4974849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:50.222086906 CEST4978049748198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:51.645731926 CEST4978049748198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:51.645942926 CEST4974849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:51.646039009 CEST4974849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:54.571182966 CEST4974949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:54.576049089 CEST4978049749198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:54.576164961 CEST4974949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:54.576435089 CEST4974949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:54.581224918 CEST4978049749198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:55.984347105 CEST4978049749198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:55.985502005 CEST4974949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:55.985873938 CEST4974949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:56.649394989 CEST4975049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:56.654515982 CEST4978049750198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:56.657788038 CEST4975049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:56.658672094 CEST4975049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:56.663516998 CEST4978049750198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:58.062686920 CEST4978049750198.12.90.244192.168.2.5
                            Sep 24, 2024 15:22:58.062777042 CEST4975049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:22:58.063132048 CEST4975049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:00.993015051 CEST4975149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:00.998018026 CEST4978049751198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:00.998125076 CEST4975149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:00.998380899 CEST4975149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:01.003104925 CEST4978049751198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:02.437860012 CEST4978049751198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:02.437964916 CEST4975149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:02.438173056 CEST4975149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:03.071928024 CEST4975249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:03.076857090 CEST4978049752198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:03.076961040 CEST4975249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:03.077275038 CEST4975249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:03.082129002 CEST4978049752198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:04.517509937 CEST4978049752198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:04.517730951 CEST4975249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:04.517884016 CEST4975249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:07.446499109 CEST4975649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:07.452220917 CEST4978049756198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:07.452342987 CEST4975649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:07.452596903 CEST4975649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:07.457371950 CEST4978049756198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:08.860426903 CEST4978049756198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:08.860553980 CEST4975649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:08.860753059 CEST4975649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:09.524728060 CEST4975749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:09.529912949 CEST4978049757198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:09.530009031 CEST4975749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:09.530242920 CEST4975749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:09.535196066 CEST4978049757198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:10.956770897 CEST4978049757198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:10.956876040 CEST4975749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:10.957158089 CEST4975749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:13.875160933 CEST4975849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:13.880338907 CEST4978049758198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:13.880455017 CEST4975849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:13.880621910 CEST4975849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:13.885453939 CEST4978049758198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:15.337892056 CEST4978049758198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:15.338042021 CEST4975849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:15.338469028 CEST4975849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:15.992495060 CEST4976049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:15.997448921 CEST4978049760198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:15.997545004 CEST4976049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:15.997797966 CEST4976049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:16.003566027 CEST4978049760198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:17.439810991 CEST4978049760198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:17.444006920 CEST4976049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:17.444206953 CEST4976049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:20.352360964 CEST4976149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:20.358654976 CEST4978049761198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:20.358809948 CEST4976149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:20.359096050 CEST4976149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:20.364248037 CEST4978049761198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:21.763565063 CEST4978049761198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:21.763652086 CEST4976149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:21.769900084 CEST4976149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:22.446707010 CEST4976249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:22.454346895 CEST4978049762198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:22.454552889 CEST4976249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:22.454818010 CEST4976249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:22.459930897 CEST4978049762198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:23.856396914 CEST4978049762198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:23.856487989 CEST4976249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:23.856703997 CEST4976249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:26.775242090 CEST4976549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:26.780122042 CEST4978049765198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:26.780236959 CEST4976549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:26.780459881 CEST4976549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:26.785444975 CEST4978049765198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:28.209131002 CEST4978049765198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:28.209273100 CEST4976549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:28.209517002 CEST4976549780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:28.868177891 CEST4976649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:28.873203993 CEST4978049766198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:28.873321056 CEST4976649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:28.873554945 CEST4976649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:28.878431082 CEST4978049766198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:30.301268101 CEST4978049766198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:30.301386118 CEST4976649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:30.445805073 CEST4976649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:33.234047890 CEST4976749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:33.239013910 CEST4978049767198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:33.239119053 CEST4976749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:33.243319035 CEST4976749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:33.248197079 CEST4978049767198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:34.676187992 CEST4978049767198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:34.676338911 CEST4976749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:34.676469088 CEST4976749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:35.462923050 CEST4976849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:35.468089104 CEST4978049768198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:35.468230009 CEST4976849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:35.468877077 CEST4976849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:35.473757982 CEST4978049768198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:36.895865917 CEST4978049768198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:36.897763014 CEST4976849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:36.898147106 CEST4976849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:39.680389881 CEST4976949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:39.685483932 CEST4978049769198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:39.685592890 CEST4976949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:39.685810089 CEST4976949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:39.690886021 CEST4978049769198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:41.114412069 CEST4978049769198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:41.114649057 CEST4976949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:41.114908934 CEST4976949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:41.915230036 CEST4977049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:41.920346022 CEST4978049770198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:41.920537949 CEST4977049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:41.920674086 CEST4977049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:41.925529003 CEST4978049770198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:43.349055052 CEST4978049770198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:43.349140882 CEST4977049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:43.349411964 CEST4977049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:46.118443966 CEST4977149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:46.123533964 CEST4978049771198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:46.123625994 CEST4977149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:46.127922058 CEST4977149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:46.132848978 CEST4978049771198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:47.550757885 CEST4978049771198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:47.550884962 CEST4977149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:47.551137924 CEST4977149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:48.352456093 CEST4977249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:48.357639074 CEST4978049772198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:48.357743025 CEST4977249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:48.361356020 CEST4977249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:48.366313934 CEST4978049772198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:49.766653061 CEST4978049772198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:49.766746044 CEST4977249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:49.767016888 CEST4977249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:52.555581093 CEST4977349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:52.561253071 CEST4978049773198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:52.561383009 CEST4977349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:52.561764956 CEST4977349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:52.568526983 CEST4978049773198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:53.986808062 CEST4978049773198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:53.986888885 CEST4977349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:53.987096071 CEST4977349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:54.774539948 CEST4977649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:54.779685974 CEST4978049776198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:54.779808998 CEST4977649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:54.780066967 CEST4977649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:54.784872055 CEST4978049776198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:56.204921007 CEST4978049776198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:56.205025911 CEST4977649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:56.205235004 CEST4977649780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:58.992928028 CEST4977749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:58.998251915 CEST4978049777198.12.90.244192.168.2.5
                            Sep 24, 2024 15:23:58.998362064 CEST4977749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:58.998558998 CEST4977749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:23:59.004456997 CEST4978049777198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:00.408593893 CEST4978049777198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:00.408687115 CEST4977749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:00.408940077 CEST4977749780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:01.211697102 CEST4977849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:01.370479107 CEST4978049778198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:01.370711088 CEST4977849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:01.370923042 CEST4977849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:01.375777960 CEST4978049778198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:02.784785032 CEST4978049778198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:02.784893036 CEST4977849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:02.785212040 CEST4977849780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:05.414854050 CEST4977949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:05.419820070 CEST4978049779198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:05.419929028 CEST4977949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:05.420120955 CEST4977949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:05.424907923 CEST4978049779198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:06.809228897 CEST4978049779198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:06.809360027 CEST4977949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:06.809545994 CEST4977949780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:07.789870977 CEST4978049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:07.794903040 CEST4978049780198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:07.795106888 CEST4978049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:07.795332909 CEST4978049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:07.800265074 CEST4978049780198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:09.223901987 CEST4978049780198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:09.224081993 CEST4978049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:09.224189043 CEST4978049780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:11.821055889 CEST4978149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:11.826318979 CEST4978049781198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:11.826426983 CEST4978149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:11.826649904 CEST4978149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:11.831490040 CEST4978049781198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:13.232397079 CEST4978049781198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:13.232547998 CEST4978149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:13.232736111 CEST4978149780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:14.227185965 CEST4978249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:14.233088017 CEST4978049782198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:14.233175993 CEST4978249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:14.233372927 CEST4978249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:14.238193989 CEST4978049782198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:15.655297995 CEST4978049782198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:15.655447006 CEST4978249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:15.655678988 CEST4978249780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:18.243402958 CEST4978349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:18.248491049 CEST4978049783198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:18.248586893 CEST4978349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:18.248826027 CEST4978349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:18.253638983 CEST4978049783198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:19.674859047 CEST4978049783198.12.90.244192.168.2.5
                            Sep 24, 2024 15:24:19.674948931 CEST4978349780192.168.2.5198.12.90.244
                            Sep 24, 2024 15:24:20.744230986 CEST4978349780192.168.2.5198.12.90.244

                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:09:22:12
                            Start date:24/09/2024
                            Path:C:\Users\user\Desktop\Request for Tender Quotation.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\Request for Tender Quotation.exe"
                            Imagebase:0xcd0000
                            File size:728'576 bytes
                            MD5 hash:86D8EB475DB8A7B47C95238A32176B8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2212400913.00000000043A2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2212400913.00000000042D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2212400913.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:3
                            Start time:09:22:14
                            Start date:24/09/2024
                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Request for Tender Quotation.exe"
                            Imagebase:0x680000
                            File size:433'152 bytes
                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:4
                            Start time:09:22:14
                            Start date:24/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6d64d0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:5
                            Start time:09:22:14
                            Start date:24/09/2024
                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"
                            Imagebase:0x680000
                            File size:433'152 bytes
                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:6
                            Start time:09:22:14
                            Start date:24/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6d64d0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:7
                            Start time:09:22:14
                            Start date:24/09/2024
                            Path:C:\Windows\SysWOW64\schtasks.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmp8B7B.tmp"
                            Imagebase:0xa10000
                            File size:187'904 bytes
                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:8
                            Start time:09:22:14
                            Start date:24/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6d64d0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:9
                            Start time:09:22:15
                            Start date:24/09/2024
                            Path:C:\Users\user\Desktop\Request for Tender Quotation.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\Request for Tender Quotation.exe"
                            Imagebase:0x2a0000
                            File size:728'576 bytes
                            MD5 hash:86D8EB475DB8A7B47C95238A32176B8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:10
                            Start time:09:22:15
                            Start date:24/09/2024
                            Path:C:\Users\user\Desktop\Request for Tender Quotation.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\Request for Tender Quotation.exe"
                            Imagebase:0xfc0000
                            File size:728'576 bytes
                            MD5 hash:86D8EB475DB8A7B47C95238A32176B8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.3422027027.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.3422027027.0000000000425000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:false

                            General

                            Target ID:11
                            Start time:09:22:17
                            Start date:24/09/2024
                            Path:C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe
                            Imagebase:0xb60000
                            File size:728'576 bytes
                            MD5 hash:86D8EB475DB8A7B47C95238A32176B8C
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 47%, ReversingLabs
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:12
                            Start time:09:22:18
                            Start date:24/09/2024
                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                            Imagebase:0x7ff6ef0c0000
                            File size:496'640 bytes
                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                            Has elevated privileges:true
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:13
                            Start time:09:22:21
                            Start date:24/09/2024
                            Path:C:\Windows\SysWOW64\schtasks.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BtsoqoHwldFQNw" /XML "C:\Users\user\AppData\Local\Temp\tmpA29D.tmp"
                            Imagebase:0xa10000
                            File size:187'904 bytes
                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:14
                            Start time:09:22:22
                            Start date:24/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6d64d0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:15
                            Start time:09:22:22
                            Start date:24/09/2024
                            Path:C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\AppData\Roaming\BtsoqoHwldFQNw.exe"
                            Imagebase:0xe90000
                            File size:728'576 bytes
                            MD5 hash:86D8EB475DB8A7B47C95238A32176B8C
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Disassembly

                            Reset < >

                              Execution Graph

                              Execution Coverage:11.4%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:172
                              Total number of Limit Nodes:9
                              execution_graph 24170 143ea80 24171 143eac6 GetCurrentProcess 24170->24171 24173 143eb18 GetCurrentThread 24171->24173 24177 143eb11 24171->24177 24174 143eb55 GetCurrentProcess 24173->24174 24175 143eb4e 24173->24175 24176 143eb8b GetCurrentThreadId 24174->24176 24175->24174 24179 143ebe4 24176->24179 24177->24173 24180 143ecc8 DuplicateHandle 24181 143ed5e 24180->24181 24182 1434668 24183 143467a 24182->24183 24184 1434686 24183->24184 24186 1434b78 24183->24186 24187 1434b9d 24186->24187 24191 1434c78 24187->24191 24195 1434c88 24187->24195 24192 1434c7e 24191->24192 24194 1434d8c 24192->24194 24199 143486c 24192->24199 24197 1434caf 24195->24197 24196 1434d8c 24196->24196 24197->24196 24198 143486c CreateActCtxA 24197->24198 24198->24196 24200 1435d18 CreateActCtxA 24199->24200 24202 1435ddb 24200->24202 24390 143d2f8 24391 143d340 GetModuleHandleW 24390->24391 24392 143d33a 24390->24392 24393 143d36d 24391->24393 24392->24391 24203 7778ad9 24204 7778a8c 24203->24204 24205 7778bc7 24204->24205 24209 777b9a0 24204->24209 24226 777b9b0 24204->24226 24243 777ba16 24204->24243 24210 777b9a4 24209->24210 24211 777b9d2 24210->24211 24261 777c004 24210->24261 24266 777bdc7 24210->24266 24271 777c0e7 24210->24271 24278 777bf39 24210->24278 24283 777c559 24210->24283 24288 777bf79 24210->24288 24294 777c5da 24210->24294 24299 777bdfb 24210->24299 24304 777c4de 24210->24304 24309 777bfd0 24210->24309 24313 777c351 24210->24313 24318 777bf51 24210->24318 24323 777bf97 24210->24323 24327 777c0a3 24210->24327 24211->24205 24227 777b9ca 24226->24227 24228 777b9d2 24227->24228 24229 777bf97 2 API calls 24227->24229 24230 777bf51 2 API calls 24227->24230 24231 777c351 2 API calls 24227->24231 24232 777bfd0 2 API calls 24227->24232 24233 777c4de 2 API calls 24227->24233 24234 777bdfb 2 API calls 24227->24234 24235 777c5da 2 API calls 24227->24235 24236 777bf79 2 API calls 24227->24236 24237 777c559 2 API calls 24227->24237 24238 777bf39 2 API calls 24227->24238 24239 777c0e7 4 API calls 24227->24239 24240 777bdc7 2 API calls 24227->24240 24241 777c004 2 API calls 24227->24241 24242 777c0a3 2 API calls 24227->24242 24228->24205 24229->24228 24230->24228 24231->24228 24232->24228 24233->24228 24234->24228 24235->24228 24236->24228 24237->24228 24238->24228 24239->24228 24240->24228 24241->24228 24242->24228 24244 777b9a4 24243->24244 24246 777ba19 24243->24246 24245 777b9d2 24244->24245 24247 777bf97 2 API calls 24244->24247 24248 777bf51 2 API calls 24244->24248 24249 777c351 2 API calls 24244->24249 24250 777bfd0 2 API calls 24244->24250 24251 777c4de 2 API calls 24244->24251 24252 777bdfb 2 API calls 24244->24252 24253 777c5da 2 API calls 24244->24253 24254 777bf79 2 API calls 24244->24254 24255 777c559 2 API calls 24244->24255 24256 777bf39 2 API calls 24244->24256 24257 777c0e7 4 API calls 24244->24257 24258 777bdc7 2 API calls 24244->24258 24259 777c004 2 API calls 24244->24259 24260 777c0a3 2 API calls 24244->24260 24245->24205 24246->24205 24247->24245 24248->24245 24249->24245 24250->24245 24251->24245 24252->24245 24253->24245 24254->24245 24255->24245 24256->24245 24257->24245 24258->24245 24259->24245 24260->24245 24262 777bf96 24261->24262 24331 7777e10 24262->24331 24335 7777e18 24262->24335 24263 777bfb1 24267 777bdcd 24266->24267 24339 7778664 24267->24339 24343 7778670 24267->24343 24347 777cc70 24271->24347 24352 777cc60 24271->24352 24272 777c0ff 24358 7777d60 24272->24358 24362 7777d68 24272->24362 24273 777c66b 24279 777bf4a 24278->24279 24281 7777d60 ResumeThread 24279->24281 24282 7777d68 ResumeThread 24279->24282 24280 777c66b 24280->24280 24281->24280 24282->24280 24284 777c1b8 24283->24284 24284->24283 24285 777c742 24284->24285 24366 77784d0 24284->24366 24370 77784d8 24284->24370 24285->24211 24289 777bf86 24288->24289 24291 777bee5 24289->24291 24374 77783e0 24289->24374 24378 77783e8 24289->24378 24290 777c516 24291->24211 24296 777c1b8 24294->24296 24295 777c742 24295->24211 24296->24295 24297 77784d0 ReadProcessMemory 24296->24297 24298 77784d8 ReadProcessMemory 24296->24298 24297->24296 24298->24296 24300 777be0d 24299->24300 24302 7778664 CreateProcessA 24300->24302 24303 7778670 CreateProcessA 24300->24303 24301 777be98 24301->24211 24302->24301 24303->24301 24305 777c4e4 24304->24305 24307 77783e0 WriteProcessMemory 24305->24307 24308 77783e8 WriteProcessMemory 24305->24308 24306 777c516 24307->24306 24308->24306 24382 7778321 24309->24382 24386 7778328 24309->24386 24310 777bfee 24314 777c377 24313->24314 24316 7777d60 ResumeThread 24314->24316 24317 7777d68 ResumeThread 24314->24317 24315 777c66b 24316->24315 24317->24315 24319 777bf61 24318->24319 24321 77783e0 WriteProcessMemory 24319->24321 24322 77783e8 WriteProcessMemory 24319->24322 24320 777c87b 24321->24320 24322->24320 24325 7777e10 Wow64SetThreadContext 24323->24325 24326 7777e18 Wow64SetThreadContext 24323->24326 24324 777bfb1 24325->24324 24326->24324 24329 77783e0 WriteProcessMemory 24327->24329 24330 77783e8 WriteProcessMemory 24327->24330 24328 777bee5 24328->24211 24329->24328 24330->24328 24332 7777e5d Wow64SetThreadContext 24331->24332 24334 7777ea5 24332->24334 24334->24263 24336 7777e5d Wow64SetThreadContext 24335->24336 24338 7777ea5 24336->24338 24338->24263 24340 7778670 CreateProcessA 24339->24340 24342 77788bb 24340->24342 24344 77786f9 CreateProcessA 24343->24344 24346 77788bb 24344->24346 24348 777cc85 24347->24348 24350 7777e10 Wow64SetThreadContext 24348->24350 24351 7777e18 Wow64SetThreadContext 24348->24351 24349 777cc9b 24349->24272 24350->24349 24351->24349 24353 777cc64 24352->24353 24355 777cbef 24353->24355 24356 7777e10 Wow64SetThreadContext 24353->24356 24357 7777e18 Wow64SetThreadContext 24353->24357 24354 777cc9b 24354->24272 24355->24272 24356->24354 24357->24354 24359 7777d64 ResumeThread 24358->24359 24361 7777dd9 24359->24361 24361->24273 24363 7777d6b ResumeThread 24362->24363 24365 7777dd9 24363->24365 24365->24273 24367 77784d4 ReadProcessMemory 24366->24367 24369 7778567 24367->24369 24369->24284 24371 77784db ReadProcessMemory 24370->24371 24373 7778567 24371->24373 24373->24284 24375 77783e8 WriteProcessMemory 24374->24375 24377 7778487 24375->24377 24377->24290 24379 77783ef WriteProcessMemory 24378->24379 24381 7778487 24379->24381 24381->24290 24383 7778368 VirtualAllocEx 24382->24383 24385 77783a5 24383->24385 24385->24310 24387 7778368 VirtualAllocEx 24386->24387 24389 77783a5 24387->24389 24389->24310

                              Executed Functions

                              Function 01437291 Relevance: 1.6, Strings: 1, Instructions: 335COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2209065443.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_1430000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID: Pp]q
                              • API String ID: 0-2528107101
                              • Opcode ID: 19f62126eb75e0f4c387e880c0a271474721bc7196dc6a3effd1388a53a37ef6
                              • Instruction ID: f8ebc939501914bbbdfb5a978048e258227ed9dee8b4b4b30d5a93e5cea3a7c4
                              • Opcode Fuzzy Hash: 19f62126eb75e0f4c387e880c0a271474721bc7196dc6a3effd1388a53a37ef6
                              • Instruction Fuzzy Hash: 76F1D474E00219CFDB55DFA9D984A9DBBB2FF89300F1481A9D409AB365DB306E86CF50
                              Function 01434238 Relevance: 1.6, Strings: 1, Instructions: 333COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2209065443.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_1430000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID: Pp]q
                              • API String ID: 0-2528107101
                              • Opcode ID: 17ae95b32559ed85632f4a9137075dbf13b4c47b659dcf13dbca7f5ef4e08bc6
                              • Instruction ID: c300b2143f7fc2834fabe078cd4574d2cd7b5be7bb014327edffbbd1676e4580
                              • Opcode Fuzzy Hash: 17ae95b32559ed85632f4a9137075dbf13b4c47b659dcf13dbca7f5ef4e08bc6
                              • Instruction Fuzzy Hash: 7AF1E474E00219CFDB54DFA9D980A9DBBB2FF89300F1481A9D409AB365DB306E86CF50
                              Function 07771B00 Relevance: 1.4, Strings: 1, Instructions: 183COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID: Te]q
                              • API String ID: 0-52440209
                              • Opcode ID: 69fd77ea678cefd8768734b803ae48f85e2399826079c9818f023ecfe03f5049
                              • Instruction ID: 9110b697e480f881fab46538869255c616ab6f49975a9220a19f5f5ca871e794
                              • Opcode Fuzzy Hash: 69fd77ea678cefd8768734b803ae48f85e2399826079c9818f023ecfe03f5049
                              • Instruction Fuzzy Hash: B471B3B4E14209CFDF08CFE9C984AEDBBB6BF8A340F50912AD519AB365DB305945CB50
                              Function 077729E1 Relevance: .1, Instructions: 66COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a62829bd88c189cab2409deac0c10c3325b3a09251c1bb879bfed765c82b1edd
                              • Instruction ID: c7c6d39ba4f4571b5919807600f32717892be9a0162ded1c39268faaed7ed8fc
                              • Opcode Fuzzy Hash: a62829bd88c189cab2409deac0c10c3325b3a09251c1bb879bfed765c82b1edd
                              • Instruction Fuzzy Hash: 1B21E3B0D146188BEB18CFA6D9053EEFAB6BFC9340F04D42AD419B6264DB740545CF90
                              Function 077729F0 Relevance: .1, Instructions: 64COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d358ba2f78f42526b3d4be31ef43956ee12bab4b54cccfecfc3c7027c93d6ff9
                              • Instruction ID: 0f46547a6a7d5d80ac6e5e108256c83aceb650cbb4f4c15848976ec2aa766daf
                              • Opcode Fuzzy Hash: d358ba2f78f42526b3d4be31ef43956ee12bab4b54cccfecfc3c7027c93d6ff9
                              • Instruction Fuzzy Hash: 4621C2B0D146188BEB18CFABC9043EEFAF6BFC9340F14D02AD419A6264DB741945CF90
                              Function 0777BEFD Relevance: .0, Instructions: 8COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 18c3d3c00eb7d46362e9be20e1becd34d8bba361c34911b012396bf2f7a9c044
                              • Instruction ID: 34b4ffbb0ff825eb2a624478c4f18943cd0de32f87ae1d369d30cfc9f43635ff
                              • Opcode Fuzzy Hash: 18c3d3c00eb7d46362e9be20e1becd34d8bba361c34911b012396bf2f7a9c044
                              • Instruction Fuzzy Hash: 89A002C0CEF104D48C151C5014994F8C03C034F1C0F447950D10A33412C440E020C55E
                              Function 0143EA80 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 645 143ea80-143eb0f GetCurrentProcess 649 143eb11-143eb17 645->649 650 143eb18-143eb4c GetCurrentThread 645->650 649->650 651 143eb55-143eb89 GetCurrentProcess 650->651 652 143eb4e-143eb54 650->652 653 143eb92-143ebaa 651->653 654 143eb8b-143eb91 651->654 652->651 658 143ebb3-143ebe2 GetCurrentThreadId 653->658 654->653 659 143ebe4-143ebea 658->659 660 143ebeb-143ec4d 658->660 659->660
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 0143EAFE
                              • GetCurrentThread.KERNEL32 ref: 0143EB3B
                              • GetCurrentProcess.KERNEL32 ref: 0143EB78
                              • GetCurrentThreadId.KERNEL32 ref: 0143EBD1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2209065443.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_1430000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: b25071be7631d54505886ecfa6ff4a0db7652cd55e0f6dc65c4fc3d8776c9a88
                              • Instruction ID: 15c192d87166ee1e1ee338257dae52383b95fdf9fe14438ad878bacb963c7729
                              • Opcode Fuzzy Hash: b25071be7631d54505886ecfa6ff4a0db7652cd55e0f6dc65c4fc3d8776c9a88
                              • Instruction Fuzzy Hash: E55155B09013098FDB18DFAAD548B9EBBF5EF88314F208059E109B7360C778A984CF65
                              Function 07778664 Relevance: 1.8, APIs: 1, Instructions: 251processCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1044 7778664-7778705 1047 7778707-7778711 1044->1047 1048 777873e-777875e 1044->1048 1047->1048 1049 7778713-7778715 1047->1049 1055 7778797-77787c6 1048->1055 1056 7778760-777876a 1048->1056 1050 7778717-7778721 1049->1050 1051 7778738-777873b 1049->1051 1053 7778725-7778734 1050->1053 1054 7778723 1050->1054 1051->1048 1053->1053 1057 7778736 1053->1057 1054->1053 1064 77787ff-77788b9 CreateProcessA 1055->1064 1065 77787c8-77787d2 1055->1065 1056->1055 1058 777876c-777876e 1056->1058 1057->1051 1060 7778791-7778794 1058->1060 1061 7778770-777877a 1058->1061 1060->1055 1062 777877e-777878d 1061->1062 1063 777877c 1061->1063 1062->1062 1066 777878f 1062->1066 1063->1062 1076 77788c2-7778948 1064->1076 1077 77788bb-77788c1 1064->1077 1065->1064 1067 77787d4-77787d6 1065->1067 1066->1060 1069 77787f9-77787fc 1067->1069 1070 77787d8-77787e2 1067->1070 1069->1064 1071 77787e6-77787f5 1070->1071 1072 77787e4 1070->1072 1071->1071 1074 77787f7 1071->1074 1072->1071 1074->1069 1087 777894a-777894e 1076->1087 1088 7778958-777895c 1076->1088 1077->1076 1087->1088 1089 7778950 1087->1089 1090 777895e-7778962 1088->1090 1091 777896c-7778970 1088->1091 1089->1088 1090->1091 1094 7778964 1090->1094 1092 7778972-7778976 1091->1092 1093 7778980-7778984 1091->1093 1092->1093 1095 7778978 1092->1095 1096 7778996-777899d 1093->1096 1097 7778986-777898c 1093->1097 1094->1091 1095->1093 1098 77789b4 1096->1098 1099 777899f-77789ae 1096->1099 1097->1096 1101 77789b5 1098->1101 1099->1098 1101->1101
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077788A6
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 9bc890886514c9911cbb52437f442112c0b2ab39d4f069245123244adb059c9e
                              • Instruction ID: 2a8e9b44b083ebf8409cb9b99bc658dd772bbb453cfecb3a49386bc9e2e13038
                              • Opcode Fuzzy Hash: 9bc890886514c9911cbb52437f442112c0b2ab39d4f069245123244adb059c9e
                              • Instruction Fuzzy Hash: D1A16DB1D0021ACFDF14CFA9C8447EDBBB2BF48354F1485AAD849A7250DB749985CF92
                              Function 07778670 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1102 7778670-7778705 1104 7778707-7778711 1102->1104 1105 777873e-777875e 1102->1105 1104->1105 1106 7778713-7778715 1104->1106 1112 7778797-77787c6 1105->1112 1113 7778760-777876a 1105->1113 1107 7778717-7778721 1106->1107 1108 7778738-777873b 1106->1108 1110 7778725-7778734 1107->1110 1111 7778723 1107->1111 1108->1105 1110->1110 1114 7778736 1110->1114 1111->1110 1121 77787ff-77788b9 CreateProcessA 1112->1121 1122 77787c8-77787d2 1112->1122 1113->1112 1115 777876c-777876e 1113->1115 1114->1108 1117 7778791-7778794 1115->1117 1118 7778770-777877a 1115->1118 1117->1112 1119 777877e-777878d 1118->1119 1120 777877c 1118->1120 1119->1119 1123 777878f 1119->1123 1120->1119 1133 77788c2-7778948 1121->1133 1134 77788bb-77788c1 1121->1134 1122->1121 1124 77787d4-77787d6 1122->1124 1123->1117 1126 77787f9-77787fc 1124->1126 1127 77787d8-77787e2 1124->1127 1126->1121 1128 77787e6-77787f5 1127->1128 1129 77787e4 1127->1129 1128->1128 1131 77787f7 1128->1131 1129->1128 1131->1126 1144 777894a-777894e 1133->1144 1145 7778958-777895c 1133->1145 1134->1133 1144->1145 1146 7778950 1144->1146 1147 777895e-7778962 1145->1147 1148 777896c-7778970 1145->1148 1146->1145 1147->1148 1151 7778964 1147->1151 1149 7778972-7778976 1148->1149 1150 7778980-7778984 1148->1150 1149->1150 1152 7778978 1149->1152 1153 7778996-777899d 1150->1153 1154 7778986-777898c 1150->1154 1151->1148 1152->1150 1155 77789b4 1153->1155 1156 777899f-77789ae 1153->1156 1154->1153 1158 77789b5 1155->1158 1156->1155 1158->1158
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077788A6
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 36e0b8ee2d6ca740d05e7bc0161a0dbc9ee4c3c0c55f47e4d8d1f6e019641a5f
                              • Instruction ID: 97f7bba2faabfdb8292f7c14c6e112da196f0749742c9e6e611ffe0710f96213
                              • Opcode Fuzzy Hash: 36e0b8ee2d6ca740d05e7bc0161a0dbc9ee4c3c0c55f47e4d8d1f6e019641a5f
                              • Instruction Fuzzy Hash: C3915DB1D0021ACFDF14CFA9C844BEDBBB2BF48354F14856AD849A7250DB749985CF92
                              Function 01435D0D Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                              Download Yara Rule
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 01435DC9
                              Memory Dump Source
                              • Source File: 00000000.00000002.2209065443.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_1430000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: f20a71b14bc6c0c304c5c98047bae2916997a5c1c86fa1741803a0bc5eae70e7
                              • Instruction ID: 4bfb01df33b29b982f5988494cafa6af3a9ed5a708c23268cee674f6ea8d6076
                              • Opcode Fuzzy Hash: f20a71b14bc6c0c304c5c98047bae2916997a5c1c86fa1741803a0bc5eae70e7
                              • Instruction Fuzzy Hash: AD41C0B0C00619CFDB24DFA9C884BDEBBB5BF49304F24806AD418AB255DB756946CFA1
                              Function 0143486C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                              Download Yara Rule
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 01435DC9
                              Memory Dump Source
                              • Source File: 00000000.00000002.2209065443.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_1430000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: eae6d391e101967929a389c76bbbef633e7f2c274e930dd9711785de36458096
                              • Instruction ID: 8236fa56baeeadbeaa56dadada678d362e4ee7de408e7f819885b8520b8449e9
                              • Opcode Fuzzy Hash: eae6d391e101967929a389c76bbbef633e7f2c274e930dd9711785de36458096
                              • Instruction Fuzzy Hash: 7A41D2B0C0071DCBDB24DFA9C848B9EBBF5BF49304F20806AD418AB265DB755946CFA1
                              Function 077783E0 Relevance: 1.6, APIs: 1, Instructions: 78injectionCOMMON
                              Download Yara Rule
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07778478
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 8f973a2bae1ef60e6cbe1b8823236e5ae33ae3215a2c3a1c7fef95549777992a
                              • Instruction ID: 9933715d5f615dccde7a592fec564b6f0083746df14afeaf8cdbb4a40e65f3b2
                              • Opcode Fuzzy Hash: 8f973a2bae1ef60e6cbe1b8823236e5ae33ae3215a2c3a1c7fef95549777992a
                              • Instruction Fuzzy Hash: 503147B19003499FCB10CFA9C8857EEBFB5FF49310F10842AE918A7241C7B99544CBA5
                              Function 077784D0 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                              Download Yara Rule
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07778558
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: 4ad8158e84730292dab734b595d378d7f3b094162c692cb1366fd1362da9c9af
                              • Instruction ID: 7fbe183cb54eb6473d0bd3f25db7b2e1bcfa588678f69b752df753f20ac2cd1a
                              • Opcode Fuzzy Hash: 4ad8158e84730292dab734b595d378d7f3b094162c692cb1366fd1362da9c9af
                              • Instruction Fuzzy Hash: 5A212AB19003499FCF10CFAAC845AEEBFF5FF49310F108429E518A7240C7799555DBA5
                              Function 077783E8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                              Download Yara Rule
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07778478
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 6e7ce57ee620e1caf45a3e15b3ffcb4b375195c6e6b1717493b4a1c8f7c27f15
                              • Instruction ID: 45752d6b4299de4af764e41ed2508e794adf1a20201829b5803f2a56e0894253
                              • Opcode Fuzzy Hash: 6e7ce57ee620e1caf45a3e15b3ffcb4b375195c6e6b1717493b4a1c8f7c27f15
                              • Instruction Fuzzy Hash: 742139B59003099FCF10DFAAC885BEEBBF5FF48310F108829E919A7240C7789944CBA5
                              Function 077784D8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                              Download Yara Rule
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07778558
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: 0d7adb0a3fb460bba12aa8cf5c63df398f7d76438f3dc8dfc6b68bfe4bc053b1
                              • Instruction ID: 8a86aec51f0bda73b56afa5f6a31271e95a121d6c33530cbf379913653dcaae2
                              • Opcode Fuzzy Hash: 0d7adb0a3fb460bba12aa8cf5c63df398f7d76438f3dc8dfc6b68bfe4bc053b1
                              • Instruction Fuzzy Hash: F82139B1D003499FCB10DFAAC844AEEFBF5FF48310F508829E519A7240C7799540CBA1
                              Function 07777E10 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                              Download Yara Rule
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07777E96
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: 1eca08c34110d12115a3859981cb7f2783526fc139f3a406423e532b480b2871
                              • Instruction ID: bd42e70fcad5726ee5cf2920720fe60caaa3d176491c8d4b12934e3e6129fe79
                              • Opcode Fuzzy Hash: 1eca08c34110d12115a3859981cb7f2783526fc139f3a406423e532b480b2871
                              • Instruction Fuzzy Hash: E52134B1D002098FDB14DFAAC4847AEBBF5EF48314F14882AD459A7251CB78A985CFA5
                              Function 07777E18 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                              Download Yara Rule
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07777E96
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: 7b9b1cb048189fce1276ba07efdea25d967586c25a834cf71746b58bfdd6bbc5
                              • Instruction ID: b46a37a97fc0ac06b6092681e3ba66b7a717ce1acaa05b4f54f9da6d9dd05968
                              • Opcode Fuzzy Hash: 7b9b1cb048189fce1276ba07efdea25d967586c25a834cf71746b58bfdd6bbc5
                              • Instruction Fuzzy Hash: 072138B1D003098FDB14DFAAC4857EEBBF4EF48310F108429D419A7240CB789944CFA5
                              Function 0143ECC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                              Download Yara Rule
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0143ED4F
                              Memory Dump Source
                              • Source File: 00000000.00000002.2209065443.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_1430000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: cf8b8f769a2255b5ea216edc17b73783afc8690e9896cedaca8ebc430fe4960f
                              • Instruction ID: bf51c63faaf9a51d95780498c852f008d8db619c65639a914e347c6338014c23
                              • Opcode Fuzzy Hash: cf8b8f769a2255b5ea216edc17b73783afc8690e9896cedaca8ebc430fe4960f
                              • Instruction Fuzzy Hash: F521E4B59002099FDB10CF9AD584ADEBFF8FB48310F14841AE918A3350D378A940CFA4
                              Function 07778321 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07778396
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: c12a69a652ea1c50666fc9630a13235b5ef33bf1932ed84c08fcb880ff50b8e3
                              • Instruction ID: 78eeab9975ca79011b7a668e4a199aeb48387bb83b6770afa6756e6988af9e93
                              • Opcode Fuzzy Hash: c12a69a652ea1c50666fc9630a13235b5ef33bf1932ed84c08fcb880ff50b8e3
                              • Instruction Fuzzy Hash: 5B1159B69002499FCB10DFA9C844AEEBFF5FF48310F10881AE519A7250C7759540CFA1
                              Function 07778328 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07778396
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 3f70c9209d5eedf33d77525524237d41177365a6d1dbd9d21aa043dc9d0e104e
                              • Instruction ID: c67f985f54f39d01d66ce94c04ea92801cb21b692e4d4380bd1115dd3fd82333
                              • Opcode Fuzzy Hash: 3f70c9209d5eedf33d77525524237d41177365a6d1dbd9d21aa043dc9d0e104e
                              • Instruction Fuzzy Hash: 241107B59003499FCB10DFAAC845AEEBFF5FF88324F148819E519A7250C779A544CFA1
                              Function 07777D60 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 6bee97aae6d423c288bb3b21b8d8178fdb370924d6b795abed31f5cb6313ff59
                              • Instruction ID: 06c7e632f69a7e873dd2a9cff172dd77911d0d38d90b8596874d5344fcbd6c99
                              • Opcode Fuzzy Hash: 6bee97aae6d423c288bb3b21b8d8178fdb370924d6b795abed31f5cb6313ff59
                              • Instruction Fuzzy Hash: C3115BB5C003498FCB24DFAAC8457EEFBF5AF48314F248819D519A7240C7796544CBA4
                              Function 07777D68 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: e4aee4efdda815bb6c50d4df7d14a4845518ca59421033e1b7a393b06974750e
                              • Instruction ID: e19a15398eb00a97390258f36941de6440fb67de6dbae533b1a62dd11f5f0ddc
                              • Opcode Fuzzy Hash: e4aee4efdda815bb6c50d4df7d14a4845518ca59421033e1b7a393b06974750e
                              • Instruction Fuzzy Hash: 341136B1D003498FCB24DFAAC4457EEFBF5EF88324F208819D519A7240CB79A944CBA4
                              Function 0143D2F8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0143D35E
                              Memory Dump Source
                              • Source File: 00000000.00000002.2209065443.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_1430000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 030c17789124e6045bcdcade6487dad7770ce75a45de049e020acc3efe8546dd
                              • Instruction ID: 0a23008ece7d66f0ecbe2a103da1cdb8f54ad60dc71a930ee8a6bcb4263f0ff5
                              • Opcode Fuzzy Hash: 030c17789124e6045bcdcade6487dad7770ce75a45de049e020acc3efe8546dd
                              • Instruction Fuzzy Hash: 6111E0B5C007498FDB10DF9AC444ADEFBF4EF88714F10845AD959A7210C379A545CFA5
                              Function 0135D4A0 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2208615056.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_135d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 22d403e5cf0879a8ff82595a8d186a496602778e6dfdd70218af48f0d3e1fa64
                              • Instruction ID: f39e1b4cf7a672be5b6a5bb5df2bbc6cec0e16393a20fa48592dcd12cdf84b4f
                              • Opcode Fuzzy Hash: 22d403e5cf0879a8ff82595a8d186a496602778e6dfdd70218af48f0d3e1fa64
                              • Instruction Fuzzy Hash: 7D2103B1504204DFDB46DF98D9C0F26BF69FB8871CF20C969ED090A256C33AD456CBA2
                              Function 0136D01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2208655962.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_136d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e42fc21ff68a34e952cfb60d04b07eaeaeaaba1fe7e999104dc2193230411390
                              • Instruction ID: 935296aaf4c766636bcf7a5b98e03ce56379fa7382a378a424de766f8efb4c9e
                              • Opcode Fuzzy Hash: e42fc21ff68a34e952cfb60d04b07eaeaeaaba1fe7e999104dc2193230411390
                              • Instruction Fuzzy Hash: 51212271604204DFCB15DF68D980B26BF69FB88318F20C56DE98A0B35AC33BD407CAA1
                              Function 0135D49B Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2208615056.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_135d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction ID: bd4115114b6e2234cbbc54049b1ab548c7765fcd4bf3d6abee36d3de3031eccb
                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction Fuzzy Hash: FB11AF76504240CFDB16CF58D5C4B16BF61FB84728F24C5A9DD094B257C336D45ACBA2
                              Function 0136D017 Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2208655962.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_136d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                              • Instruction ID: 4f3e4eb00bb0ce3bc4310016d7608d395d29fa31220f7c283fc5b73dc29d49c7
                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                              • Instruction Fuzzy Hash: A711BE75604280CFDB12CF54D5C4B15BF71FB88318F24C6A9D8494B65AC33AD40ACB62
                              Function 0135D745 Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2208615056.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_135d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 06cd9b3b94e06b441467c5ead24d690425721d54e72a596c6c1da5ffd259f189
                              • Instruction ID: 95878fdbad31f69292364535adc9afa9f46953ca9052431145c8a5fc73c4cfb5
                              • Opcode Fuzzy Hash: 06cd9b3b94e06b441467c5ead24d690425721d54e72a596c6c1da5ffd259f189
                              • Instruction Fuzzy Hash: 76012B310043849AE7608F99CD84F67BF9CEF45B28F18C96AED090B286D3399801CAB1
                              Function 0135D744 Relevance: .0, Instructions: 36COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2208615056.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_135d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 40102e7c608ccc9bffd22a9c16953cf6ecf72cd37828321492183343b2d232de
                              • Instruction ID: f165efc118c361fff4ba8699113e5ea2060f3d3456daa152cebcb56b9637bc73
                              • Opcode Fuzzy Hash: 40102e7c608ccc9bffd22a9c16953cf6ecf72cd37828321492183343b2d232de
                              • Instruction Fuzzy Hash: E8F06271405384AAE7118E1AC988B62FF98EF45634F18C45AED484B286C37A9844CAB5

                              Non-executed Functions

                              Function 0777D87C Relevance: .4, Instructions: 358COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e94f34f8ff0030bc063d639a723f8799e7617c506c79154f995b256cea20315d
                              • Instruction ID: 75d00228dddda0b2848317b57da5c71b892386ae52c735cc70151bebceb94aea
                              • Opcode Fuzzy Hash: e94f34f8ff0030bc063d639a723f8799e7617c506c79154f995b256cea20315d
                              • Instruction Fuzzy Hash: 3FD1DEB17017418FDF29DB7AC450B6EB7E6AF99240F1448AED046DB2A1DB74E801CB52
                              Function 07775628 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3ea4549891bcbbc1e356deb69c8573654180d62b6f5c496a2ab658ae2e22f5f5
                              • Instruction ID: a67c0842c9efad609e46d43fe4a87827d2a0201b0c42e1c7ae3a0a8f13fdd86b
                              • Opcode Fuzzy Hash: 3ea4549891bcbbc1e356deb69c8573654180d62b6f5c496a2ab658ae2e22f5f5
                              • Instruction Fuzzy Hash: 07E107B4E002198FDB14CFA8C580AAEBBB2FF89345F24C569D415AB356D734AD41CFA0
                              Function 07777540 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4659fc207c8f8282cf7261e518b0c6f255c9050968168528bb791bd648dee584
                              • Instruction ID: 9aa0430481903301410fdc2a31149747e2b2f156e97c2a4ca4c0259405787e52
                              • Opcode Fuzzy Hash: 4659fc207c8f8282cf7261e518b0c6f255c9050968168528bb791bd648dee584
                              • Instruction Fuzzy Hash: 19E105B4E002198FDB14CFA8C5809AEBBB2FF89345F64C569D415AB356D734AD41CFA0
                              Function 07777108 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dada4e0c0c1f802131bdaeb8ca2321f01b85768e277b30344fda2938088ae70f
                              • Instruction ID: 3074e991cfc4562e2f6a84a22ed4f57d6adc5963f8daac510342163ed07547ac
                              • Opcode Fuzzy Hash: dada4e0c0c1f802131bdaeb8ca2321f01b85768e277b30344fda2938088ae70f
                              • Instruction Fuzzy Hash: A3E109B4E001198FDB14CFA8C5809AEBBB2FF89345F648569E815A7356D734A941CFA0
                              Function 07777EF0 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9fe3fa5f80629a3fda65294010c0fd3cce97e79e15137fe19d74c6ef9dfd640a
                              • Instruction ID: 668f681254ecbf520bdb57941029b71d720136f4121800126cd06d6c169299eb
                              • Opcode Fuzzy Hash: 9fe3fa5f80629a3fda65294010c0fd3cce97e79e15137fe19d74c6ef9dfd640a
                              • Instruction Fuzzy Hash: 66E106B4E002198FDB14CFA8C5849AEBBB2FF89345F24C569D815AB356C734AD42CF61
                              Function 07775A60 Relevance: .3, Instructions: 312COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a86ee53157a03422e7e575adc682f59e734b96b6b14676df99a1ceae03dab0f9
                              • Instruction ID: 08f58dd203a42892328c5a067f943f0a4615b53283a689a889a7e8568b34d050
                              • Opcode Fuzzy Hash: a86ee53157a03422e7e575adc682f59e734b96b6b14676df99a1ceae03dab0f9
                              • Instruction Fuzzy Hash: AEE107B4E002198FDB14CFA8C584AAEFBB2FF89345F248569E415AB356D734AD41CF60
                              Function 07774A78 Relevance: .1, Instructions: 139COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e2d99e0cb081564222f9155de836af04f9d9cf28b020102a30634db554c53596
                              • Instruction ID: 78c7c823992e850b43de56d2d7897f1679c6b4518076415d6e72b2559a53660a
                              • Opcode Fuzzy Hash: e2d99e0cb081564222f9155de836af04f9d9cf28b020102a30634db554c53596
                              • Instruction Fuzzy Hash: F151F1B4E19259CFCF04CF9AD484AEEFBFABB8A340F149026E419A7221D7309941CF54
                              Function 07775618 Relevance: .1, Instructions: 134COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3f39d54c67ed9008ccdec96ce7e2c7c80e27aceb73270f49459abcf65a37c387
                              • Instruction ID: 121732ee1587b0fd958a9524ab68d2667d72fad7fff916567b8e79bcc4a1aa90
                              • Opcode Fuzzy Hash: 3f39d54c67ed9008ccdec96ce7e2c7c80e27aceb73270f49459abcf65a37c387
                              • Instruction Fuzzy Hash: 865129B4E002198BDB14CFA9C9805AEBBB2FF89305F24C569D418AB356D7309E41CFA1
                              Function 077770F9 Relevance: .1, Instructions: 129COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 82215b999a1379bd6e9bccb14e52a27dd1c2ef3363755a459b1fd656f4e1880c
                              • Instruction ID: a1019d56de5c6a3624d9d62715bf5e9836cd9f1daae311d7e046f1649518dd6c
                              • Opcode Fuzzy Hash: 82215b999a1379bd6e9bccb14e52a27dd1c2ef3363755a459b1fd656f4e1880c
                              • Instruction Fuzzy Hash: 9B512CB4E002198FDB14CFA9C5805AEFBF2FF89305F24C5A9D418AB256D7349941CFA1
                              Function 0777753F Relevance: .1, Instructions: 125COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2216481506.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7770000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 863dc726242059e6a864beef83b631d0579929c981c674c849f269a16abe67ea
                              • Instruction ID: fb6a14e1227516855159cc8ce08025aedacda0ed2542b5b14d283e338df91569
                              • Opcode Fuzzy Hash: 863dc726242059e6a864beef83b631d0579929c981c674c849f269a16abe67ea
                              • Instruction Fuzzy Hash: D351F8B4E002198BDB18CFA9C5805AEFBB2FF89305F24C569D418A7356D7349A42CFA1

                              Execution Graph

                              Execution Coverage:7.8%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:39
                              Total number of Limit Nodes:5
                              execution_graph 15269 16f4668 15270 16f4684 15269->15270 15271 16f4696 15270->15271 15273 16f47a0 15270->15273 15274 16f47c5 15273->15274 15278 16f48a1 15274->15278 15282 16f48b0 15274->15282 15280 16f48b0 15278->15280 15279 16f49b4 15279->15279 15280->15279 15286 16f4248 15280->15286 15284 16f48d7 15282->15284 15283 16f49b4 15283->15283 15284->15283 15285 16f4248 CreateActCtxA 15284->15285 15285->15283 15287 16f5940 CreateActCtxA 15286->15287 15289 16f5a03 15287->15289 15290 16fad38 15291 16fad39 15290->15291 15295 16fae20 15291->15295 15300 16fae30 15291->15300 15292 16fad47 15297 16fae30 15295->15297 15296 16fae64 15296->15292 15297->15296 15298 16fb068 GetModuleHandleW 15297->15298 15299 16fb095 15298->15299 15299->15292 15303 16fae31 15300->15303 15301 16fae64 15301->15292 15302 16fb068 GetModuleHandleW 15304 16fb095 15302->15304 15303->15301 15303->15302 15304->15292 15305 16fd0b8 15306 16fd0fe GetCurrentProcess 15305->15306 15308 16fd149 15306->15308 15309 16fd150 GetCurrentThread 15306->15309 15308->15309 15310 16fd18d GetCurrentProcess 15309->15310 15311 16fd186 15309->15311 15312 16fd1c3 15310->15312 15311->15310 15313 16fd1eb GetCurrentThreadId 15312->15313 15314 16fd21c 15313->15314 15315 16fd300 DuplicateHandle 15316 16fd396 15315->15316

                              Executed Functions

                              Function 016FD0A8 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 296 16fd0a8-16fd147 GetCurrentProcess 300 16fd149-16fd14f 296->300 301 16fd150-16fd184 GetCurrentThread 296->301 300->301 302 16fd18d-16fd1c1 GetCurrentProcess 301->302 303 16fd186-16fd18c 301->303 304 16fd1ca-16fd1e5 call 16fd289 302->304 305 16fd1c3-16fd1c9 302->305 303->302 309 16fd1eb-16fd21a GetCurrentThreadId 304->309 305->304 310 16fd21c-16fd222 309->310 311 16fd223-16fd285 309->311 310->311
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 016FD136
                              • GetCurrentThread.KERNEL32 ref: 016FD173
                              • GetCurrentProcess.KERNEL32 ref: 016FD1B0
                              • GetCurrentThreadId.KERNEL32 ref: 016FD209
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 528b931eb7c501339a628ccc2ba4487ba9383b2f806edea7325c1561a8bea18e
                              • Instruction ID: b828251e56a9477e28da00748502f62d28e6e0d3588a57d136704c17df4890f4
                              • Opcode Fuzzy Hash: 528b931eb7c501339a628ccc2ba4487ba9383b2f806edea7325c1561a8bea18e
                              • Instruction Fuzzy Hash: B15147B49002498FDB14DFA9D988BAEBBF5EF48314F20C05DE519A7360D738A944CF65
                              Function 016FD0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 318 16fd0b8-16fd147 GetCurrentProcess 322 16fd149-16fd14f 318->322 323 16fd150-16fd184 GetCurrentThread 318->323 322->323 324 16fd18d-16fd1c1 GetCurrentProcess 323->324 325 16fd186-16fd18c 323->325 326 16fd1ca-16fd1e5 call 16fd289 324->326 327 16fd1c3-16fd1c9 324->327 325->324 331 16fd1eb-16fd21a GetCurrentThreadId 326->331 327->326 332 16fd21c-16fd222 331->332 333 16fd223-16fd285 331->333 332->333
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 016FD136
                              • GetCurrentThread.KERNEL32 ref: 016FD173
                              • GetCurrentProcess.KERNEL32 ref: 016FD1B0
                              • GetCurrentThreadId.KERNEL32 ref: 016FD209
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 1001063d60e53d4c4410302c3850c76e404a5e77da2654e475f5e3f5732a5a88
                              • Instruction ID: e13a28d707b8b0ddbf4dfb461c3787f2201f1bf2c9d16840264b49a53d869031
                              • Opcode Fuzzy Hash: 1001063d60e53d4c4410302c3850c76e404a5e77da2654e475f5e3f5732a5a88
                              • Instruction Fuzzy Hash: 445145B49002498FDB14DFA9D988BAEBBF5FF48314F20C059E519A7360D738A984CB65
                              Function 016FAE30 Relevance: 1.7, APIs: 1, Instructions: 209COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 363 16fae30-16fae3f 365 16fae6b-16fae6f 363->365 366 16fae41-16fae4e call 16f9838 363->366 367 16fae83-16faec4 365->367 368 16fae71-16fae7b 365->368 373 16fae64 366->373 374 16fae50 366->374 375 16faec6-16faece 367->375 376 16faed1-16faedf 367->376 368->367 373->365 423 16fae56 call 16fb0c8 374->423 424 16fae56 call 16fb0b8 374->424 375->376 378 16faf03-16faf05 376->378 379 16faee1-16faee6 376->379 377 16fae5c-16fae5e 377->373 380 16fafa0-16fafb7 377->380 381 16faf08-16faf0f 378->381 382 16faee8-16faeef call 16fa814 379->382 383 16faef1 379->383 397 16fafb9-16fb018 380->397 384 16faf1c-16faf23 381->384 385 16faf11-16faf19 381->385 387 16faef3-16faf01 382->387 383->387 388 16faf25-16faf2d 384->388 389 16faf30-16faf39 call 16fa824 384->389 385->384 387->381 388->389 395 16faf3b-16faf43 389->395 396 16faf46-16faf4b 389->396 395->396 398 16faf4d-16faf54 396->398 399 16faf69-16faf76 396->399 415 16fb01a-16fb01c 397->415 398->399 400 16faf56-16faf66 call 16fa834 call 16fa844 398->400 404 16faf99-16faf9f 399->404 405 16faf78-16faf96 399->405 400->399 405->404 416 16fb01e-16fb046 415->416 417 16fb048-16fb060 415->417 416->417 418 16fb068-16fb093 GetModuleHandleW 417->418 419 16fb062-16fb065 417->419 420 16fb09c-16fb0b0 418->420 421 16fb095-16fb09b 418->421 419->418 421->420 423->377 424->377
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 016FB086
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 33f93885c08a5f0205868efd2b85f49f4073509ea17b161fba4f7a991d3cfa08
                              • Instruction ID: a1fdbe5d0afd5dffd0ff2698908290000befdf23986b2165371617165e09f3d5
                              • Opcode Fuzzy Hash: 33f93885c08a5f0205868efd2b85f49f4073509ea17b161fba4f7a991d3cfa08
                              • Instruction Fuzzy Hash: A88147B0A00B458FD724DF69D84075ABBF1FF48300F00892DD69A9BB51D775E84ACB91
                              Function 016F5935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 425 16f5935-16f593c 426 16f5944-16f5a01 CreateActCtxA 425->426 428 16f5a0a-16f5a64 426->428 429 16f5a03-16f5a09 426->429 436 16f5a66-16f5a69 428->436 437 16f5a73-16f5a77 428->437 429->428 436->437 438 16f5a79-16f5a85 437->438 439 16f5a88 437->439 438->439 441 16f5a89 439->441 441->441
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 016F59F1
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: e723a459b289c98787e5b18d631aafc6c44239831d2ee8ce18db0ae4769cce3f
                              • Instruction ID: d38e8212b80b6d305a5cf65917d9a8904ae8877bed79c223e2c624e99c0c8f8d
                              • Opcode Fuzzy Hash: e723a459b289c98787e5b18d631aafc6c44239831d2ee8ce18db0ae4769cce3f
                              • Instruction Fuzzy Hash: 70412EB0C00719CFDB24CFA9C884BCEBBB5BF49304F20806AD409AB255DB75694ACF90
                              Function 016F4248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 442 16f4248-16f5a01 CreateActCtxA 445 16f5a0a-16f5a64 442->445 446 16f5a03-16f5a09 442->446 453 16f5a66-16f5a69 445->453 454 16f5a73-16f5a77 445->454 446->445 453->454 455 16f5a79-16f5a85 454->455 456 16f5a88 454->456 455->456 458 16f5a89 456->458 458->458
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 016F59F1
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: ed560f50b3a3b15da4cd7876f2e20836736ac6e54fe3f4ba868b9cb692db31f6
                              • Instruction ID: 68570ee5f060e5b7d2fce2133d6593a489e96f9cbe51d9b3bc64ecb5a47e9ef8
                              • Opcode Fuzzy Hash: ed560f50b3a3b15da4cd7876f2e20836736ac6e54fe3f4ba868b9cb692db31f6
                              • Instruction Fuzzy Hash: D241EFB0C00759CEDB24CFA9C884B9DBBB5FF49304F20806AD509AB255DB75694ACF91
                              Function 016FD2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 459 16fd2f9-16fd394 DuplicateHandle 460 16fd39d-16fd3ba 459->460 461 16fd396-16fd39c 459->461 461->460
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016FD387
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 149704420b154431dea2e9ba3f20d22f045ac72a6c56078fd70dd78132bea9b7
                              • Instruction ID: f4e0eb7238975bc7c76047d3bd75eb0f3ccfa22b05d181c805eb508acf075487
                              • Opcode Fuzzy Hash: 149704420b154431dea2e9ba3f20d22f045ac72a6c56078fd70dd78132bea9b7
                              • Instruction Fuzzy Hash: C621B3B59002599FDB10CFAAD985AEEBBF5FB48310F14841AE918A7350C378A954CFA1
                              Function 016FD300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 464 16fd300-16fd394 DuplicateHandle 465 16fd39d-16fd3ba 464->465 466 16fd396-16fd39c 464->466 466->465
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016FD387
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 94e6b0112619f8f96039068e4a8d71cc1343f34c2b222c56fb53f5ef757e5cd6
                              • Instruction ID: b8748ae692276d458c05bf2bec85cb6dee42d2abae93bae1acbb01612cdb83cd
                              • Opcode Fuzzy Hash: 94e6b0112619f8f96039068e4a8d71cc1343f34c2b222c56fb53f5ef757e5cd6
                              • Instruction Fuzzy Hash: 3821D5B59002499FDB10CF9AD984ADEFFF9FB48310F14841AE918A3350D378A954CFA5
                              Function 016FB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 469 16fb020-16fb060 470 16fb068-16fb093 GetModuleHandleW 469->470 471 16fb062-16fb065 469->471 472 16fb09c-16fb0b0 470->472 473 16fb095-16fb09b 470->473 471->470 473->472
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 016FB086
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3424126302.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_16f0000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 344210f97ccbd5e8cbb9d74b2b0f6a8525d2527db7126c504209aef513de4158
                              • Instruction ID: a8a7687acba33353b77c6d21d690c51c426c3356bcc98ab63913906417ed0a1c
                              • Opcode Fuzzy Hash: 344210f97ccbd5e8cbb9d74b2b0f6a8525d2527db7126c504209aef513de4158
                              • Instruction Fuzzy Hash: 8E11DFB5C003498FDB20DF9AC844A9EFBF5AB89220F10841AD929A7610C379A545CFA1
                              Function 0165D3D8 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3423081501.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_165d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 24b432f783b39eea27de3b735bf941382318ea97a65a3063dfe90497f83413b2
                              • Instruction ID: e56bf4290fe271bf909884c99eda42a67e1e9159a9334436fca4df8edaa553fc
                              • Opcode Fuzzy Hash: 24b432f783b39eea27de3b735bf941382318ea97a65a3063dfe90497f83413b2
                              • Instruction Fuzzy Hash: 43210371500204DFDB45DF98DDC0B6ABF65FB98324F20C569ED0A0B396C33AE456CAA2
                              Function 0166D01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3423219242.000000000166D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_166d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9182b2246f679b40b2067bcb3bab9e25a42aa480e904123acd459970ea77d5b3
                              • Instruction ID: d06e57f2866a0aa2d76d4fbd0415cf77ad3060f87a7c7b667203ba2b0f6477af
                              • Opcode Fuzzy Hash: 9182b2246f679b40b2067bcb3bab9e25a42aa480e904123acd459970ea77d5b3
                              • Instruction Fuzzy Hash: 67210071604240DFCB15DF68D980B26BF69EB88314F20C569E98A0B396C33AD807CAA1
                              Function 0165D3D3 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3423081501.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_165d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction ID: 7bb9c046a92de325d79f95cb7234c29debedf57fc7c443478ac412307526f676
                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction Fuzzy Hash: 0611CD72404240DFDB06CF44D9C4B56BF62FB84224F24C6A9DD490A296C33AE45ACBA2
                              Function 0166D017 Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3423219242.000000000166D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_166d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                              • Instruction ID: 4a18bad06dab31834f0b2a709523a986c0f4abbfec88d75a091562f93fd71995
                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                              • Instruction Fuzzy Hash: 5311BE75604280CFDB12CF54D9C4B15BF61FB88314F24C6A9D8494B756C33AD40ACB62
                              Function 0165D5F3 Relevance: .0, Instructions: 37COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3423081501.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_165d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 836b8b27544d3e9a89d5785d2892bfe45b57826e66407328201782588752d138
                              • Instruction ID: 8a7c1db79191fb7799786acb6fefff54255f2087abea718c136c9c6e166e9486
                              • Opcode Fuzzy Hash: 836b8b27544d3e9a89d5785d2892bfe45b57826e66407328201782588752d138
                              • Instruction Fuzzy Hash: E2F0E776200650AF9720CF4AD884C27FBADEBD4670719C55AED4A4B756C671E842CAA0
                              Function 0165D5E4 Relevance: .0, Instructions: 35COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000A.00000002.3423081501.000000000165D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_10_2_165d000_Request for Tender Quotation.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bbcc0a811e0d3cc3f8334d6f9c7bc92770116144eda762d806d4e217e5edf069
                              • Instruction ID: 3aeb34711fe32dc7307a9045ee90671ec96619cb6486d61b900c1f5fb5c52788
                              • Opcode Fuzzy Hash: bbcc0a811e0d3cc3f8334d6f9c7bc92770116144eda762d806d4e217e5edf069
                              • Instruction Fuzzy Hash: 02F03C75104680AFD325CF45CC94C22BFB9EF85660B198489EC8A4B362C631FC42CB70

                              Execution Graph

                              Execution Coverage:11.5%
                              Dynamic/Decrypted Code Coverage:98.8%
                              Signature Coverage:0%
                              Total number of Nodes:242
                              Total number of Limit Nodes:14
                              execution_graph 33061 7638c40 33062 7638a8c 33061->33062 33063 7638bc7 33062->33063 33067 763ac6a 33062->33067 33085 763ac18 33062->33085 33102 763ac08 33062->33102 33063->33063 33068 763ac21 33067->33068 33070 763ac77 33067->33070 33069 763ac3a 33068->33069 33119 763b063 33068->33119 33124 763b1ff 33068->33124 33128 763b238 33068->33128 33131 763b5b9 33068->33131 33136 763b1b9 33068->33136 33141 763b26c 33068->33141 33146 763b02f 33068->33146 33151 763b34f 33068->33151 33159 763b30b 33068->33159 33163 763b746 33068->33163 33168 763b1e1 33068->33168 33174 763b7c1 33068->33174 33179 763b1a1 33068->33179 33184 763b842 33068->33184 33069->33063 33070->33063 33086 763ac32 33085->33086 33087 763ac3a 33086->33087 33088 763b063 2 API calls 33086->33088 33089 763b842 2 API calls 33086->33089 33090 763b1a1 2 API calls 33086->33090 33091 763b7c1 2 API calls 33086->33091 33092 763b1e1 2 API calls 33086->33092 33093 763b746 2 API calls 33086->33093 33094 763b30b 2 API calls 33086->33094 33095 763b34f 4 API calls 33086->33095 33096 763b02f 2 API calls 33086->33096 33097 763b26c 2 API calls 33086->33097 33098 763b1b9 2 API calls 33086->33098 33099 763b5b9 2 API calls 33086->33099 33100 763b238 VirtualAllocEx 33086->33100 33101 763b1ff 2 API calls 33086->33101 33087->33063 33088->33087 33089->33087 33090->33087 33091->33087 33092->33087 33093->33087 33094->33087 33095->33087 33096->33087 33097->33087 33098->33087 33099->33087 33100->33087 33101->33087 33103 763ac32 33102->33103 33104 763b063 2 API calls 33103->33104 33105 763b842 2 API calls 33103->33105 33106 763b1a1 2 API calls 33103->33106 33107 763b7c1 2 API calls 33103->33107 33108 763b1e1 2 API calls 33103->33108 33109 763b746 2 API calls 33103->33109 33110 763ac3a 33103->33110 33111 763b30b 2 API calls 33103->33111 33112 763b34f 4 API calls 33103->33112 33113 763b02f 2 API calls 33103->33113 33114 763b26c 2 API calls 33103->33114 33115 763b1b9 2 API calls 33103->33115 33116 763b5b9 2 API calls 33103->33116 33117 763b238 VirtualAllocEx 33103->33117 33118 763b1ff 2 API calls 33103->33118 33104->33110 33105->33110 33106->33110 33107->33110 33108->33110 33109->33110 33110->33063 33111->33110 33112->33110 33113->33110 33114->33110 33115->33110 33116->33110 33117->33110 33118->33110 33120 763b075 33119->33120 33189 7638670 33120->33189 33193 7638664 33120->33193 33197 7637e17 33124->33197 33201 7637e18 33124->33201 33125 763b219 33205 7638328 33128->33205 33132 763b5df 33131->33132 33209 7637d60 33132->33209 33213 7637d68 33132->33213 33133 763b8d3 33137 763b1c9 33136->33137 33217 76383e0 33137->33217 33221 76383e8 33137->33221 33138 763bae3 33142 763b1fe 33141->33142 33144 7637e17 Wow64SetThreadContext 33142->33144 33145 7637e18 Wow64SetThreadContext 33142->33145 33143 763b219 33144->33143 33145->33143 33147 763b035 33146->33147 33149 7638670 CreateProcessA 33147->33149 33150 7638664 CreateProcessA 33147->33150 33148 763b100 33148->33069 33149->33148 33150->33148 33225 763bd60 33151->33225 33230 763bd9a 33151->33230 33237 763bd50 33151->33237 33152 763b367 33154 7637d60 ResumeThread 33152->33154 33155 7637d68 ResumeThread 33152->33155 33153 763b8d3 33154->33153 33155->33153 33161 76383e0 WriteProcessMemory 33159->33161 33162 76383e8 WriteProcessMemory 33159->33162 33160 763b14d 33160->33069 33161->33160 33162->33160 33164 763b74c 33163->33164 33166 76383e0 WriteProcessMemory 33164->33166 33167 76383e8 WriteProcessMemory 33164->33167 33165 763b77e 33166->33165 33167->33165 33169 763b1ee 33168->33169 33171 763b14d 33169->33171 33172 76383e0 WriteProcessMemory 33169->33172 33173 76383e8 WriteProcessMemory 33169->33173 33170 763b77e 33171->33069 33172->33170 33173->33170 33175 763b420 33174->33175 33175->33174 33176 763b9aa 33175->33176 33243 76384d0 33175->33243 33247 76384d8 33175->33247 33176->33069 33180 763b1b2 33179->33180 33182 7637d60 ResumeThread 33180->33182 33183 7637d68 ResumeThread 33180->33183 33181 763b8d3 33182->33181 33183->33181 33185 763b420 33184->33185 33186 763b9aa 33185->33186 33187 76384d0 ReadProcessMemory 33185->33187 33188 76384d8 ReadProcessMemory 33185->33188 33186->33069 33187->33185 33188->33185 33190 76386f9 33189->33190 33190->33190 33191 763885e CreateProcessA 33190->33191 33192 76388bb 33191->33192 33194 7638670 33193->33194 33194->33194 33195 763885e CreateProcessA 33194->33195 33196 76388bb 33195->33196 33198 7637e5d Wow64SetThreadContext 33197->33198 33200 7637ea5 33198->33200 33200->33125 33202 7637e5d Wow64SetThreadContext 33201->33202 33204 7637ea5 33202->33204 33204->33125 33206 7638368 VirtualAllocEx 33205->33206 33208 76383a5 33206->33208 33210 7637da8 ResumeThread 33209->33210 33212 7637dd9 33210->33212 33212->33133 33214 7637da8 ResumeThread 33213->33214 33216 7637dd9 33214->33216 33216->33133 33218 76383e8 WriteProcessMemory 33217->33218 33220 7638487 33218->33220 33220->33138 33222 7638430 WriteProcessMemory 33221->33222 33224 7638487 33222->33224 33224->33138 33226 763bd75 33225->33226 33228 7637e17 Wow64SetThreadContext 33226->33228 33229 7637e18 Wow64SetThreadContext 33226->33229 33227 763bd8b 33227->33152 33228->33227 33229->33227 33231 763bd51 33230->33231 33232 763bda7 33230->33232 33233 763bced 33231->33233 33235 7637e17 Wow64SetThreadContext 33231->33235 33236 7637e18 Wow64SetThreadContext 33231->33236 33232->33152 33233->33152 33234 763bd8b 33234->33152 33235->33234 33236->33234 33238 763bd51 33237->33238 33239 763bced 33238->33239 33241 7637e17 Wow64SetThreadContext 33238->33241 33242 7637e18 Wow64SetThreadContext 33238->33242 33239->33152 33240 763bd8b 33240->33152 33241->33240 33242->33240 33244 76384d8 ReadProcessMemory 33243->33244 33246 7638567 33244->33246 33246->33175 33248 7638523 ReadProcessMemory 33247->33248 33250 7638567 33248->33250 33250->33175 33251 54d4d68 33252 54d4db4 33251->33252 33253 54d5735 GetFocus 33252->33253 33254 54d4e05 33252->33254 33253->33254 33286 147ea80 33287 147eac6 GetCurrentProcess 33286->33287 33289 147eb11 33287->33289 33290 147eb18 GetCurrentThread 33287->33290 33289->33290 33291 147eb55 GetCurrentProcess 33290->33291 33292 147eb4e 33290->33292 33293 147eb8b GetCurrentThreadId 33291->33293 33292->33291 33295 147ebe4 33293->33295 33276 7638ad9 33277 7638a8c 33276->33277 33278 7638bc7 33277->33278 33279 763ac6a 11 API calls 33277->33279 33280 763ac08 11 API calls 33277->33280 33281 763ac18 11 API calls 33277->33281 33279->33278 33280->33278 33281->33278 33057 54d33d0 33058 54d3438 CreateWindowExW 33057->33058 33060 54d34f4 33058->33060 32992 112d01c 32993 112d034 32992->32993 32994 112d08e 32993->32994 32999 54d280c 32993->32999 33008 54d42e8 32993->33008 33017 54d3588 32993->33017 33021 54d3579 32993->33021 33000 54d2817 32999->33000 33001 54d4359 33000->33001 33003 54d4349 33000->33003 33004 54d4357 33001->33004 33041 54d2934 33001->33041 33025 54d454c 33003->33025 33031 54d4480 33003->33031 33036 54d4470 33003->33036 33010 54d42f8 33008->33010 33009 54d4359 33011 54d2934 CallWindowProcW 33009->33011 33012 54d4357 33009->33012 33010->33009 33013 54d4349 33010->33013 33011->33012 33014 54d454c CallWindowProcW 33013->33014 33015 54d4470 CallWindowProcW 33013->33015 33016 54d4480 CallWindowProcW 33013->33016 33014->33012 33015->33012 33016->33012 33018 54d35ae 33017->33018 33019 54d280c CallWindowProcW 33018->33019 33020 54d35cf 33019->33020 33020->32994 33022 54d3588 33021->33022 33023 54d280c CallWindowProcW 33022->33023 33024 54d35cf 33023->33024 33024->32994 33026 54d450a 33025->33026 33027 54d455a 33025->33027 33045 54d4529 33026->33045 33049 54d4538 33026->33049 33028 54d4520 33028->33004 33033 54d4494 33031->33033 33032 54d4520 33032->33004 33034 54d4529 CallWindowProcW 33033->33034 33035 54d4538 CallWindowProcW 33033->33035 33034->33032 33035->33032 33038 54d4494 33036->33038 33037 54d4520 33037->33004 33039 54d4529 CallWindowProcW 33038->33039 33040 54d4538 CallWindowProcW 33038->33040 33039->33037 33040->33037 33042 54d293f 33041->33042 33043 54d59e9 33042->33043 33044 54d5a3a CallWindowProcW 33042->33044 33043->33004 33044->33043 33046 54d4538 33045->33046 33048 54d4549 33046->33048 33052 54d5971 33046->33052 33048->33028 33050 54d4549 33049->33050 33051 54d5971 CallWindowProcW 33049->33051 33050->33028 33051->33050 33053 54d2934 CallWindowProcW 33052->33053 33054 54d598a 33053->33054 33054->33048 33055 147ecc8 DuplicateHandle 33056 147ed5e 33055->33056 33255 1474668 33256 147467a 33255->33256 33257 1474686 33256->33257 33259 1474b78 33256->33259 33260 1474b9d 33259->33260 33264 1474c78 33260->33264 33268 1474c88 33260->33268 33266 1474caf 33264->33266 33265 1474d8c 33265->33265 33266->33265 33272 147486c 33266->33272 33269 1474caf 33268->33269 33270 1474d8c 33269->33270 33271 147486c CreateActCtxA 33269->33271 33271->33270 33273 1475d18 CreateActCtxA 33272->33273 33275 1475ddb 33273->33275 33275->33275 33282 147d2f8 33283 147d340 GetModuleHandleW 33282->33283 33284 147d33a 33282->33284 33285 147d36d 33283->33285 33284->33283

                              Executed Functions

                              Function 0147EA80 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 661 147ea80-147eb0f GetCurrentProcess 665 147eb11-147eb17 661->665 666 147eb18-147eb4c GetCurrentThread 661->666 665->666 667 147eb55-147eb89 GetCurrentProcess 666->667 668 147eb4e-147eb54 666->668 669 147eb92-147ebaa 667->669 670 147eb8b-147eb91 667->670 668->667 674 147ebb3-147ebe2 GetCurrentThreadId 669->674 670->669 675 147ebe4-147ebea 674->675 676 147ebeb-147ec4d 674->676 675->676
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 0147EAFE
                              • GetCurrentThread.KERNEL32 ref: 0147EB3B
                              • GetCurrentProcess.KERNEL32 ref: 0147EB78
                              • GetCurrentThreadId.KERNEL32 ref: 0147EBD1
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2290264556.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_1470000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: c0dad1c6f4dceba86c3c5114bbbf2dd13817baa7fbc998433c581aeeb126a0e1
                              • Instruction ID: 8088b5e3f6986e5108bd12eed2534c787a986e670d55e1ddb4343f94f509b5da
                              • Opcode Fuzzy Hash: c0dad1c6f4dceba86c3c5114bbbf2dd13817baa7fbc998433c581aeeb126a0e1
                              • Instruction Fuzzy Hash: CF5154B09002098FDB14DFA9D548BEEBFF5FF88314F20849AE109A7360D778A944CB65
                              Function 054D4D68 Relevance: 2.0, APIs: 1, Instructions: 508COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2293039902.00000000054D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_54d0000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 559aba86c81835aac7b2649fba30f14ba7c1711a4516d7d085c9a0206d8e4dc8
                              • Instruction ID: 10a153015834fc393e51f9f0218a4947fe294886d5da7a38d424df632ffa3fe6
                              • Opcode Fuzzy Hash: 559aba86c81835aac7b2649fba30f14ba7c1711a4516d7d085c9a0206d8e4dc8
                              • Instruction Fuzzy Hash: B5221D74E04205CBDB14DB58C5A8AFEFBB3BB84311F248197E815A7364DB749882CB71
                              Function 07638664 Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1233 7638664-7638705 1236 7638707-7638711 1233->1236 1237 763873e-763875e 1233->1237 1236->1237 1238 7638713-7638715 1236->1238 1244 7638760-763876a 1237->1244 1245 7638797-76387c6 1237->1245 1239 7638717-7638721 1238->1239 1240 7638738-763873b 1238->1240 1242 7638723 1239->1242 1243 7638725-7638734 1239->1243 1240->1237 1242->1243 1243->1243 1246 7638736 1243->1246 1244->1245 1247 763876c-763876e 1244->1247 1251 76387c8-76387d2 1245->1251 1252 76387ff-76388b9 CreateProcessA 1245->1252 1246->1240 1249 7638791-7638794 1247->1249 1250 7638770-763877a 1247->1250 1249->1245 1253 763877e-763878d 1250->1253 1254 763877c 1250->1254 1251->1252 1256 76387d4-76387d6 1251->1256 1265 76388c2-7638948 1252->1265 1266 76388bb-76388c1 1252->1266 1253->1253 1255 763878f 1253->1255 1254->1253 1255->1249 1257 76387f9-76387fc 1256->1257 1258 76387d8-76387e2 1256->1258 1257->1252 1260 76387e6-76387f5 1258->1260 1261 76387e4 1258->1261 1260->1260 1263 76387f7 1260->1263 1261->1260 1263->1257 1276 763894a-763894e 1265->1276 1277 7638958-763895c 1265->1277 1266->1265 1276->1277 1278 7638950 1276->1278 1279 763895e-7638962 1277->1279 1280 763896c-7638970 1277->1280 1278->1277 1279->1280 1281 7638964 1279->1281 1282 7638972-7638976 1280->1282 1283 7638980-7638984 1280->1283 1281->1280 1282->1283 1284 7638978 1282->1284 1285 7638996-763899d 1283->1285 1286 7638986-763898c 1283->1286 1284->1283 1287 76389b4 1285->1287 1288 763899f-76389ae 1285->1288 1286->1285 1290 76389b5 1287->1290 1288->1287 1290->1290
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076388A6
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: e634f39ef6c1159e5153a2a875019e46715b49adec66afb7990c65d89de2e441
                              • Instruction ID: 7c4fcd0dbeb2f64359753275988a6c9c942d8b2f0153fdc8294729fa4be2348f
                              • Opcode Fuzzy Hash: e634f39ef6c1159e5153a2a875019e46715b49adec66afb7990c65d89de2e441
                              • Instruction Fuzzy Hash: 6DA15CB1D0021ACFDB24DF69C844BEDBBB2BF44314F148569E809A7390DB759985CFA2
                              Function 07638670 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                              Download Yara Rule
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076388A6
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 9f574080fe9a2ffab6f97cd3faaa8504ee6c27fc72a927fc5dac0e5a0dd8c40b
                              • Instruction ID: 2c5ddb036569feeb481f2615c8226b87334812807e0023c3ea6bc8e76b63cd90
                              • Opcode Fuzzy Hash: 9f574080fe9a2ffab6f97cd3faaa8504ee6c27fc72a927fc5dac0e5a0dd8c40b
                              • Instruction Fuzzy Hash: F2914BB1D0021ACFDB24DF69C840BEDBBB2BF44314F148569E809A7290DB759985CFA2
                              Function 054D33D0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                              Download Yara Rule
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 054D34E2
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2293039902.00000000054D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_54d0000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: e78001e36706417bedff0fe3b568c99c8b43c635511389a6b04caf6c0f5bca05
                              • Instruction ID: 5c317674b68a7129e01f41e2806f5ee583b7ffa15fe9cb0f859ae26b70e5e799
                              • Opcode Fuzzy Hash: e78001e36706417bedff0fe3b568c99c8b43c635511389a6b04caf6c0f5bca05
                              • Instruction Fuzzy Hash: DE41B0B1D00349DFDB14CF99C894ADEFBB5BF48310F24852AE819AB250D775A845CF91
                              Function 054D33CE Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                              Download Yara Rule
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 054D34E2
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2293039902.00000000054D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_54d0000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 4257a296745f61dccd00902e424c05b22119c40eb08a9b22eedef59a8a2bd1f9
                              • Instruction ID: c252c791b5cc9162e8092300db3af9e44c56e70329e68e7a9dda175edf4f62ea
                              • Opcode Fuzzy Hash: 4257a296745f61dccd00902e424c05b22119c40eb08a9b22eedef59a8a2bd1f9
                              • Instruction Fuzzy Hash: 0E41D0B1D00309DFDB14CF99C994ADEFBB5BF48300F24852AE819AB250D774A885CF91
                              Function 01475D0D Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                              Download Yara Rule
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 01475DC9
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2290264556.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_1470000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: 1438faf877f64c110bedda486b4da8d8fb7e38900aca8ffafa3e7d1d4ad4e704
                              • Instruction ID: 86426dc7ba3b3f7c18bb6f3878052deeb6b33ae196c4178fb9962121a0faa3ef
                              • Opcode Fuzzy Hash: 1438faf877f64c110bedda486b4da8d8fb7e38900aca8ffafa3e7d1d4ad4e704
                              • Instruction Fuzzy Hash: 834102B0C00719CFDB24DFA9C844BDEBBB2BF49304F24805AD449AB265DB755946CF91
                              Function 054D2934 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                              Download Yara Rule
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 054D5A61
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2293039902.00000000054D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054D0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_54d0000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: 04dc3a0dfb722897b5fff11cd83e7548459859d92a66cec4af695786ae5b1640
                              • Instruction ID: 46dc2fa539ae39b67210ee7e09f5bbd7763ad26f52dc6ea6e6b30cb9642afde3
                              • Opcode Fuzzy Hash: 04dc3a0dfb722897b5fff11cd83e7548459859d92a66cec4af695786ae5b1640
                              • Instruction Fuzzy Hash: 564109B5A002198FDB14DF99C498AEAFBF6FF88314F14C499D519AB321D774A841CFA0
                              Function 0147486C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                              Download Yara Rule
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 01475DC9
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2290264556.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_1470000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: cbd65789179d7f3c09d98ad4f33e7be03f270e2b09fb0e17d68e3678267c719e
                              • Instruction ID: 87c27b71d76106510e6d67e38e519b2a3d3a501863cedbd98d3cba151e7891c8
                              • Opcode Fuzzy Hash: cbd65789179d7f3c09d98ad4f33e7be03f270e2b09fb0e17d68e3678267c719e
                              • Instruction Fuzzy Hash: E441F3B0C00719CBDB24DFA9C848BDEBBB5BF48704F20846AD409AB265DB755946CF91
                              Function 076383E0 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                              Download Yara Rule
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07638478
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 4420e1b7a5566ffe0b8f21beed4fba734e080fdc1964f2a3018cd1b9c573a72f
                              • Instruction ID: c315526a82695bae6cd2c5c06a80a9dd0b727a57eec19097b6a3e4b008932d0b
                              • Opcode Fuzzy Hash: 4420e1b7a5566ffe0b8f21beed4fba734e080fdc1964f2a3018cd1b9c573a72f
                              • Instruction Fuzzy Hash: EB2135B19003599FDB10DFA9C881BEEBBF5FF48310F14842AE919A7241C7789944CBA1
                              Function 076383E8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                              Download Yara Rule
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07638478
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 9b538d7062c734ab4b4764ba69bc60f56e703e64af14d4cb92927610451989df
                              • Instruction ID: 15359e04c86bd55a07e015c9b220f9105fd857bbdc8519276d6cf6ea8b67cfe9
                              • Opcode Fuzzy Hash: 9b538d7062c734ab4b4764ba69bc60f56e703e64af14d4cb92927610451989df
                              • Instruction Fuzzy Hash: D12125B19003099FDB10DFAAC885BEEBBF5FF48310F10842AE919A7241D7789944CBA1
                              Function 076384D0 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                              Download Yara Rule
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07638558
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: 259d4cf7e0875d58186acd38b3d1e68cb93df7c410ecd1479a75c40eae7821e6
                              • Instruction ID: 15aa00f2bef322039bfdea0e088711ec2546dc5b525d83a849f39ceafedb73dc
                              • Opcode Fuzzy Hash: 259d4cf7e0875d58186acd38b3d1e68cb93df7c410ecd1479a75c40eae7821e6
                              • Instruction Fuzzy Hash: 222139B1C003599FDB10DFAAC841AEEFBF5FF48320F10842AE519A7240D7389541DBA5
                              Function 076384D8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                              Download Yara Rule
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07638558
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: de758407e6ed764e3bc8f31d4213e19ba7ffb8c9a0cbb9cc9db0696b89cdabf2
                              • Instruction ID: 7817e90dca2db9f5386670994e4cd1681a754042d887b3439bce299db115446d
                              • Opcode Fuzzy Hash: de758407e6ed764e3bc8f31d4213e19ba7ffb8c9a0cbb9cc9db0696b89cdabf2
                              • Instruction Fuzzy Hash: F02139B1C003499FCB10DFAAC840AEEFBF5FF48310F10842AE519A7240C7389541CBA0
                              Function 07637E18 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                              Download Yara Rule
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07637E96
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: a565b736d7f2200d3db7be342274eafad282202da7afa7bf80b490fbd5d42771
                              • Instruction ID: 9dc4ba5d108cf917014b38e3eb64fb787d0433d5017ab8ada75d3963b2f27eec
                              • Opcode Fuzzy Hash: a565b736d7f2200d3db7be342274eafad282202da7afa7bf80b490fbd5d42771
                              • Instruction Fuzzy Hash: 792135B1D003098FDB10DFAAC4857EEBBF4EF88310F10842AD419A7240CB78A945CFA0
                              Function 0147ECC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                              Download Yara Rule
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0147ED4F
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2290264556.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_1470000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 5db1064d4a96cb2f1346b6d7e3f254d405aeef93dbfea619954a162020846efa
                              • Instruction ID: d1b4668ca868ae2592352a823fa59e8e3cc2d01dc71b4ead284dcf4d0b4581b2
                              • Opcode Fuzzy Hash: 5db1064d4a96cb2f1346b6d7e3f254d405aeef93dbfea619954a162020846efa
                              • Instruction Fuzzy Hash: C521C4B59002499FDB10CF9AD584ADEFFF9FB48310F14845AE918A3350D378A944CFA5
                              Function 07637E17 Relevance: 1.6, APIs: 1, Instructions: 61threadCOMMON
                              Download Yara Rule
                              APIs
                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07637E96
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: 48e60e400baa5dd5e4164b63fa0f2639a296bf63e05f4c2057d4e921a7275798
                              • Instruction ID: 069fa3b225003d15be646d6892c49b16fd9a25911c78b53c66b5d7ea709d77c5
                              • Opcode Fuzzy Hash: 48e60e400baa5dd5e4164b63fa0f2639a296bf63e05f4c2057d4e921a7275798
                              • Instruction Fuzzy Hash: FA2133B2D002098FDB10DFAAC5857EEBBF4AF48310F14882AD419A7240CB789985CFA0
                              Function 07638328 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07638396
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: b349d570c92ede85062ab810bed1e76af2db666657d743ab332337af808a76af
                              • Instruction ID: 14fc5bb8894c323925ee0501c17c736a6baa21f196399638106d9d39a316c7f2
                              • Opcode Fuzzy Hash: b349d570c92ede85062ab810bed1e76af2db666657d743ab332337af808a76af
                              • Instruction Fuzzy Hash: 221126B18002499FDB10DFAAC844AEEBFF5EF88310F108819E519A7250CB79A540CBA0
                              Function 07637D60 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 8ccbeadf89df740db68b469881014cdd5698ebb6edbb5577e6a8a94fb4b13e4b
                              • Instruction ID: 0d3f55a445cffe3f69b3c36e2fc34533ef3d78fd29cb0094e78c591abbfb2869
                              • Opcode Fuzzy Hash: 8ccbeadf89df740db68b469881014cdd5698ebb6edbb5577e6a8a94fb4b13e4b
                              • Instruction Fuzzy Hash: 911128B5D002098BDB10DFA9C5457EEFBF5AF88314F24881AD559A7240CB39A945CBA4
                              Function 07637D68 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2294108719.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7630000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: e0e60af99be7a5bc09be0a2fcc980656a4d2faf0dc12f858686cd5c59271054a
                              • Instruction ID: 5855a3003f0bbe33e74680df665c077d3d387d4c3cac91a2d6fdddd2132b1519
                              • Opcode Fuzzy Hash: e0e60af99be7a5bc09be0a2fcc980656a4d2faf0dc12f858686cd5c59271054a
                              • Instruction Fuzzy Hash: 37113AB1D003498FDB10DFAAC4457EEFBF5EF88314F208819D519A7240CB79A544CBA4
                              Function 0147D2F8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0147D35E
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2290264556.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_1470000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: a7575ee26d19d4f50f80019bdf6db05cba53fc159797fbae13786d690a28142e
                              • Instruction ID: d249035b0a6c1ef67207e09b04d54ca9ab9296fbccc383181d0ee286211e9746
                              • Opcode Fuzzy Hash: a7575ee26d19d4f50f80019bdf6db05cba53fc159797fbae13786d690a28142e
                              • Instruction Fuzzy Hash: E211DFB5C006498FDB10DF9AC444ADEFBF8EF88224F10841AD519A7210D379A545CFA1
                              Function 0111D4A0 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2289286866.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_111d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e3840f32cc4997161755f009f50fd0d95d4e3f64ae57a293c434f57c7b0a0b7e
                              • Instruction ID: ac1f2a2ebd6ae64d2a090e5418f35325d9e23b581f9d7416651905fbf1e7047e
                              • Opcode Fuzzy Hash: e3840f32cc4997161755f009f50fd0d95d4e3f64ae57a293c434f57c7b0a0b7e
                              • Instruction Fuzzy Hash: 0A210671544200DFDF09DF98E9C8B26FF65FB88314F20C579E9090A25AC33AD415C7A2
                              Function 0112D01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2289339895.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_112d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1c8ff20d1c075f5408da7b44870e06f8330b0e29902ba50beb2c8cdfc8bc2656
                              • Instruction ID: 439c3efe7bacfe567e560672278ec90e3419718467b752c2714017cf7d897f69
                              • Opcode Fuzzy Hash: 1c8ff20d1c075f5408da7b44870e06f8330b0e29902ba50beb2c8cdfc8bc2656
                              • Instruction Fuzzy Hash: EE210371504240DFCF19DF68E580B16BF65EB84314F20C569D9090B266C33ED416CA66
                              Function 0112D006 Relevance: .1, Instructions: 63COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2289339895.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_112d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8ebea6401b9960e6cc02afad0f893791f186d13f90b2aad40e464552bed644b4
                              • Instruction ID: e1b7ef85357c2d7e1579e7661b7e1377717fe45186244d8e175249061986d70e
                              • Opcode Fuzzy Hash: 8ebea6401b9960e6cc02afad0f893791f186d13f90b2aad40e464552bed644b4
                              • Instruction Fuzzy Hash: 402192755083809FCB07CF64D994715BF71EF4A214F28C5DAD8898F2A7C33A981ACB62
                              Function 0111D49B Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000B.00000002.2289286866.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_111d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction ID: 0e1a903f2e7f0d57bba03b40f138e2748518a4f424c96ec6d2d61123bc25161c
                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction Fuzzy Hash: 8F119D76504240CFDF16CF58D5C4B16BF71FB84324F2486A9D9094A25BC336D45ADBA2

                              Execution Graph

                              Execution Coverage:8.8%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:85
                              Total number of Limit Nodes:6
                              execution_graph 28422 182d01c 28423 182d034 28422->28423 28424 182d08e 28423->28424 28427 57c2c08 28423->28427 28436 57c0ad4 28423->28436 28428 57c2c0c 28427->28428 28429 57c2c79 28428->28429 28431 57c2c69 28428->28431 28461 57c0bfc 28429->28461 28445 57c2e6c 28431->28445 28451 57c2da0 28431->28451 28456 57c2d90 28431->28456 28432 57c2c77 28438 57c0adf 28436->28438 28437 57c2c79 28439 57c0bfc CallWindowProcW 28437->28439 28438->28437 28440 57c2c69 28438->28440 28441 57c2c77 28439->28441 28442 57c2e6c CallWindowProcW 28440->28442 28443 57c2da0 CallWindowProcW 28440->28443 28444 57c2d90 CallWindowProcW 28440->28444 28442->28441 28443->28441 28444->28441 28446 57c2e2a 28445->28446 28447 57c2e7a 28445->28447 28465 57c2e58 28446->28465 28469 57c2e48 28446->28469 28448 57c2e40 28448->28432 28453 57c2da1 28451->28453 28452 57c2e40 28452->28432 28454 57c2e58 CallWindowProcW 28453->28454 28455 57c2e48 CallWindowProcW 28453->28455 28454->28452 28455->28452 28457 57c2d94 28456->28457 28459 57c2e58 CallWindowProcW 28457->28459 28460 57c2e48 CallWindowProcW 28457->28460 28458 57c2e40 28458->28432 28459->28458 28460->28458 28462 57c0c07 28461->28462 28463 57c4309 28462->28463 28464 57c435a CallWindowProcW 28462->28464 28463->28432 28464->28463 28466 57c2e59 28465->28466 28467 57c2e69 28466->28467 28473 57c429b 28466->28473 28467->28448 28470 57c2e4c 28469->28470 28471 57c2e69 28470->28471 28472 57c429b CallWindowProcW 28470->28472 28471->28448 28472->28471 28474 57c0bfc CallWindowProcW 28473->28474 28475 57c42aa 28474->28475 28475->28467 28401 1874668 28402 1874669 28401->28402 28403 1874696 28402->28403 28405 18747a0 28402->28405 28406 18747a4 28405->28406 28410 18748a1 28406->28410 28414 18748b0 28406->28414 28411 18748a4 28410->28411 28412 18749b4 28411->28412 28418 1874248 28411->28418 28415 18748b1 28414->28415 28416 18749b4 28415->28416 28417 1874248 CreateActCtxA 28415->28417 28417->28416 28419 1875940 CreateActCtxA 28418->28419 28421 1875a03 28419->28421 28476 187d0b8 28477 187d0bd 28476->28477 28481 187d298 28477->28481 28485 187d289 28477->28485 28478 187d1eb 28482 187d29d 28481->28482 28489 187c9a0 28482->28489 28486 187d298 28485->28486 28487 187c9a0 DuplicateHandle 28486->28487 28488 187d2c6 28487->28488 28488->28478 28490 187d300 DuplicateHandle 28489->28490 28492 187d2c6 28490->28492 28492->28478 28493 187ad38 28494 187ad39 28493->28494 28498 187ae20 28494->28498 28503 187ae30 28494->28503 28495 187ad47 28500 187ae24 28498->28500 28499 187ae64 28499->28495 28500->28499 28501 187b068 GetModuleHandleW 28500->28501 28502 187b095 28501->28502 28502->28495 28505 187ae31 28503->28505 28504 187ae64 28504->28495 28505->28504 28506 187b068 GetModuleHandleW 28505->28506 28507 187b095 28506->28507 28507->28495

                              Executed Functions

                              Function 0187AE30 Relevance: 1.7, APIs: 1, Instructions: 209COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 742 187ae30-187ae3f 745 187ae41-187ae4e call 1879838 742->745 746 187ae6b-187ae6f 742->746 751 187ae64 745->751 752 187ae50 745->752 747 187ae83-187aec4 746->747 748 187ae71-187ae7b 746->748 755 187aec6-187aece 747->755 756 187aed1-187aedf 747->756 748->747 751->746 807 187ae56 call 187b0b8 752->807 808 187ae56 call 187b0c8 752->808 755->756 758 187af03-187af05 756->758 759 187aee1-187aee6 756->759 757 187ae5c-187ae5e 757->751 762 187afa0-187afb7 757->762 763 187af08-187af0f 758->763 760 187aef1 759->760 761 187aee8-187aeef call 187a814 759->761 767 187aef3-187af01 760->767 761->767 775 187afb9-187b018 762->775 765 187af11-187af19 763->765 766 187af1c-187af23 763->766 765->766 770 187af25-187af2d 766->770 771 187af30-187af39 call 187a824 766->771 767->763 770->771 776 187af46-187af4b 771->776 777 187af3b-187af43 771->777 795 187b01a 775->795 778 187af4d-187af54 776->778 779 187af69-187af76 776->779 777->776 778->779 781 187af56-187af66 call 187a834 call 187a844 778->781 785 187af99-187af9f 779->785 786 187af78-187af96 779->786 781->779 786->785 796 187b021-187b024 795->796 797 187b01c 795->797 800 187b025-187b046 796->800 798 187b01e 797->798 799 187b048-187b060 797->799 798->800 801 187b020 798->801 802 187b062-187b065 799->802 803 187b068-187b093 GetModuleHandleW 799->803 800->799 801->796 802->803 804 187b095-187b09b 803->804 805 187b09c-187b0b0 803->805 804->805 807->757 808->757
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0187B086
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424811804.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_1870000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 5a6fb1949c43ae93a97ed7d6a8fe3b1b8818849f63da5534ae37dcad0681e9f8
                              • Instruction ID: 064c065be9fd697d7a198499b83901b3cedd713df0d70df002efeb007d3de208
                              • Opcode Fuzzy Hash: 5a6fb1949c43ae93a97ed7d6a8fe3b1b8818849f63da5534ae37dcad0681e9f8
                              • Instruction Fuzzy Hash: 9B8156B0A00B058FD728DF29D0447AABBF5FF88304F04892ED59AD7A51D735EA49CB91
                              Function 01875935 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 809 1875935-1875936 810 187593d 809->810 811 1875938-187593a 809->811 812 1875941-1875a01 CreateActCtxA 810->812 811->812 813 187593c 811->813 815 1875a03-1875a09 812->815 816 1875a0a-1875a64 812->816 813->810 815->816 823 1875a66-1875a69 816->823 824 1875a73-1875a77 816->824 823->824 825 1875a79-1875a85 824->825 826 1875a88 824->826 825->826 828 1875a89 826->828 828->828
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 018759F1
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424811804.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_1870000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: 44b16d35ed5ab7ebf0fd83c7e5fad132c0477a9407bed93f7cf6593b2270efd8
                              • Instruction ID: af4b4e4db5125e20e87f422c1e1a7c61b13fc25847a6557f55241df24d41af69
                              • Opcode Fuzzy Hash: 44b16d35ed5ab7ebf0fd83c7e5fad132c0477a9407bed93f7cf6593b2270efd8
                              • Instruction Fuzzy Hash: DB4113B0C00319CFDB24DFA9C884B9DBBB5FF49304F20806AD518AB251DB75AA45CF90
                              Function 057C0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 829 57c0bfc-57c42fc 832 57c43ac-57c43cc call 57c0ad4 829->832 833 57c4302-57c4307 829->833 840 57c43cf-57c43dc 832->840 835 57c4309-57c4340 833->835 836 57c435a-57c4392 CallWindowProcW 833->836 843 57c4349-57c4358 835->843 844 57c4342-57c4348 835->844 838 57c439b-57c43aa 836->838 839 57c4394-57c439a 836->839 838->840 839->838 843->840 844->843
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 057C4381
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3431670860.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_57c0000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: 615b5cb97a167fd3a81c38de87dafe247517805a12273970203a78ad9a9aeeae
                              • Instruction ID: 662c534b7ff11fdf84b7eb4774f83df1af7ea360e8db1b10b815946fa9362ce9
                              • Opcode Fuzzy Hash: 615b5cb97a167fd3a81c38de87dafe247517805a12273970203a78ad9a9aeeae
                              • Instruction Fuzzy Hash: 964107B59002058FCB14CF99C888AAABFF6FF88314F24859DD519A7321D774A841DFA0
                              Function 01874248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 846 1874248-1875a01 CreateActCtxA 850 1875a03-1875a09 846->850 851 1875a0a-1875a64 846->851 850->851 858 1875a66-1875a69 851->858 859 1875a73-1875a77 851->859 858->859 860 1875a79-1875a85 859->860 861 1875a88 859->861 860->861 863 1875a89 861->863 863->863
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 018759F1
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424811804.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_1870000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: 313dff629a4ea55683f9640aae41da7f20ed06cbf72b862ce1ee22050f88606c
                              • Instruction ID: e199cdbd5aa5a3320329a76a2c705bdbfa2a7fc02b445578e2aa87d5208fcdfc
                              • Opcode Fuzzy Hash: 313dff629a4ea55683f9640aae41da7f20ed06cbf72b862ce1ee22050f88606c
                              • Instruction Fuzzy Hash: 5141D1B0C0071DCBDB24DFA9C884B9DBBB5FF49304F20806AD518AB255DB75A949CF91
                              Function 0187C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 864 187c9a0-187d394 DuplicateHandle 867 187d396-187d39c 864->867 868 187d39d-187d3ba 864->868 867->868
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0187D2C6,?,?,?,?,?), ref: 0187D387
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424811804.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_1870000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 8223f5bc270b3000b23ce9e22cf1553b5898393cce8d4d52e31c66c1f1d5300c
                              • Instruction ID: f23ed60c2a3a19bf51faf07f26763795331618b79caaf2f85dba43e53daec485
                              • Opcode Fuzzy Hash: 8223f5bc270b3000b23ce9e22cf1553b5898393cce8d4d52e31c66c1f1d5300c
                              • Instruction Fuzzy Hash: 8E21C4B59002489FDB10CF9AD984AEEBFF9FF48314F14841AE918A7350D378A954CFA5
                              Function 0187D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 871 187d2f9-187d2fe 872 187d305-187d394 DuplicateHandle 871->872 873 187d300-187d304 871->873 874 187d396-187d39c 872->874 875 187d39d-187d3ba 872->875 873->872 874->875
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0187D2C6,?,?,?,?,?), ref: 0187D387
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424811804.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_1870000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: c6bdeba14dbc8640917f967c5d2f75c199d0e2ade5447842ebdd7f1cd73e7124
                              • Instruction ID: 47bc37e7e090b58b29a5bd5ead5c45f50641d6594d6537de179e0ba5111d4236
                              • Opcode Fuzzy Hash: c6bdeba14dbc8640917f967c5d2f75c199d0e2ade5447842ebdd7f1cd73e7124
                              • Instruction Fuzzy Hash: 6521E3B5D002089FDB10CF9AD984ADEBBF9FF48314F14801AE918A3310D378AA54CFA5
                              Function 0187B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 878 187b020-187b060 882 187b062-187b065 878->882 883 187b068-187b093 GetModuleHandleW 878->883 882->883 884 187b095-187b09b 883->884 885 187b09c-187b0b0 883->885 884->885
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0187B086
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424811804.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_1870000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 8a994b8eecbf5cda4dd54d9241e436fa1b9fc3354df4aba53c2ba5dbf4e99adc
                              • Instruction ID: 2dc1e7a604b1cce5b0c3b69c04bf617da08cdade1917e0eac630107f55015255
                              • Opcode Fuzzy Hash: 8a994b8eecbf5cda4dd54d9241e436fa1b9fc3354df4aba53c2ba5dbf4e99adc
                              • Instruction Fuzzy Hash: 7711D2B5C003498FDB20DF9AC444A9EFBF9AB49314F10841AD529A7610C379A645CFA1
                              Function 0181D3D8 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424254447.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_181d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5776576f158e5335af9bf69d59de22884c48993a4bb0d22418641f48ead65e73
                              • Instruction ID: 01b4c91c83589f4fab8ef45c7be7e77687a769c634fe8456c57e0c5b1f2df4e7
                              • Opcode Fuzzy Hash: 5776576f158e5335af9bf69d59de22884c48993a4bb0d22418641f48ead65e73
                              • Instruction Fuzzy Hash: EA216A72140204DFDB05DF98D9C8F56BF69FB88314F20C66DE9098B25AC33AE506C7A2
                              Function 0182D01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424393299.000000000182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0182D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_182d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 68cec36dc539483cb2dac1ca03c1daea908a3caece2db0297af6acd340dc94ea
                              • Instruction ID: edf22b89486c6c223f005b2ce1c9d6455df3f47d4a8434567ebf5b09f6f81cbb
                              • Opcode Fuzzy Hash: 68cec36dc539483cb2dac1ca03c1daea908a3caece2db0297af6acd340dc94ea
                              • Instruction Fuzzy Hash: DE210371504244DFCB16DF68D580B16BF65EB84314F20C669D9098B2A6C33ED587CA61
                              Function 0181D3D3 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424254447.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_181d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction ID: 15c245a054643ec8c134d214131a344695ea3e6fbbcbc975f33fbf203437eaf5
                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                              • Instruction Fuzzy Hash: 6D110372444240CFDB16CF44D5C4B56BF71FB88324F24C6A9D9094B25BC33AE55ACBA2
                              Function 0182D017 Relevance: .1, Instructions: 53COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424393299.000000000182D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0182D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_182d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                              • Instruction ID: 4aa95f39c5b04fd6865ee37d1715774fcc3930c8cc0571d3a1adbc9ab94977c7
                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                              • Instruction Fuzzy Hash: D311D075504280CFDB12CF54D5C4B15FF61FB44314F24C6A9D8498B666C33AD54BCB62
                              Function 0181D5F3 Relevance: .0, Instructions: 37COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424254447.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_181d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4bf1fdf6685a31a8163b5db22521f77c279e838ee5979bb582d349d3ebe861b2
                              • Instruction ID: 6fc748caab95523d6394d725d93328639128733ee4a7c0243061479bb91f6e83
                              • Opcode Fuzzy Hash: 4bf1fdf6685a31a8163b5db22521f77c279e838ee5979bb582d349d3ebe861b2
                              • Instruction Fuzzy Hash: CAF049B6600600AF93208F0AC884C27FBADFFD4734719C55AE84A8B616C271FC41CEA0
                              Function 0181D5E4 Relevance: .0, Instructions: 35COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 0000000F.00000002.3424254447.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_181d000_BtsoqoHwldFQNw.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3a8d1dbbb55f66b0320e84ce1ca34accb766eb2311e664bed2a5aa46868d4b62
                              • Instruction ID: 1df5d24748139b3074970543314c3873868937fbc23335a9036ca12232d7ed18
                              • Opcode Fuzzy Hash: 3a8d1dbbb55f66b0320e84ce1ca34accb766eb2311e664bed2a5aa46868d4b62
                              • Instruction Fuzzy Hash: 74F03C75104680AFD3258F05C884C23BFBDFF897607198589E88A8B656C671FC42CFA0