Analysis Report Zapytanie ofertowe (THERMAR 04152021).exe

Overview

General Information

Sample Name: Zapytanie ofertowe (THERMAR 04152021).exe
Analysis ID: 387921
MD5: db9c85fd056d349b140e717463f96af7
SHA1: 35c6ade22bb43f1a540ca038685bc9972cf6bea7
SHA256: e43b31d2b2446cd82a278f282ac128721a9d8b7718524eab066f5ed7eac40c1e

Detection

AgentTesla GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Sigma detected: RegAsm connects to smtp port
Yara detected AgentTesla
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w7x64
  • Zapytanie ofertowe (THERMAR 04152021).exe (PID: 2404 cmdline: 'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe' MD5: DB9C85FD056D349B140E717463F96AF7)
    • RegAsm.exe (PID: 2028 cmdline: 'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe' MD5: ADF76F395D5A0ECBBF005390B73C3FD2)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1BF_RKNN40fiNL_rA9Ky9I27K_BuXgL1x", "Injection Process": ["RegAsm.exe", "RegSvcs.exe", "MSBuild.exe"]}

Threatname: Agenttesla

{"Username: ": "vItWU", "URL: ": "https://H59hPIoLS2g1MK.net", "To: ": "barbosabronx@yandex.com", "ByHost: ": "mail.aepa.ws:587", "Password: ": "c5h9ISinvw", "From: ": "info@aepa.ws"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.3144347709.0000000000302000.00000040.00000001.sdmp | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
00000002.00000002.3148623210.000000001E0CE000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.3148545524.000000001E031000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.3148545524.000000001E031000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: RegAsm.exe PID: 2028 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

System Summary:

Sigma detected: RegAsm connects to smtp port
Source: Network Connection, Author: Joe Security, Data: DestinationIp: 185.127.128.20, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 2028, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167

Signature Overview

AV Detection:

Found malware configuration
Source: 00000002.00000002.3144347709.0000000000302000.00000040.00000001.sdmp, Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1BF_RKNN40fiNL_rA9Ky9I27K_BuXgL1x", "Injection Process": ["RegAsm.exe", "RegSvcs.exe", "MSBuild.exe"]}
Source: RegAsm.exe.2028.2.memstr, Malware Configuration Extractor: Agenttesla {"Username: ": "vItWU", "URL: ": "https://H59hPIoLS2g1MK.net", "To: ": "barbosabronx@yandex.com", "ByHost: ": "mail.aepa.ws:587", "Password: ": "c5h9ISinvw", "From: ": "info@aepa.ws"}
Multi AV Scanner detection for submitted file
Source: Zapytanie ofertowe (THERMAR 04152021).exe, Virustotal: Detection: 16%
Source: Zapytanie ofertowe (THERMAR 04152021).exe, ReversingLabs: Detection: 14%
Machine Learning detection for sample
Source: Zapytanie ofertowe (THERMAR 04152021).exe, Joe Sandbox ML: detected
Source: Zapytanie ofertowe (THERMAR 04152021).exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown, HTTPS traffic detected: 216.58.214.225:443 -> 192.168.2.22:49166 version: TLS 1.2

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: https://drive.google.com/uc?export=download&id=1BF_RKNN40fiNL_rA9Ky9I27K_BuXgL1x
Source: Malware configuration extractor, URLs: https://H59hPIoLS2g1MK.net
Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 185.127.128.20:587
Source: Joe Sandbox View, JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: unknown, DNS traffic detected: queries for: doc-00-74-docs.googleusercontent.com
            Source: RegAsm.exe, 00000002.00000002.3149271873.0000000020D32000.00000004.00000001.sdmpString found in binary or memory: https://secure.a-cert.at/cgi-bin/a-cert-advanced.cgi0
            Source: RegAsm.exe, 00000002.00000002.3144609967.0000000000830000.00000004.00000020.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
            Source: RegAsm.exe, 00000002.00000002.3149227523.0000000020CF2000.00000004.00000001.sdmpString found in binary or memory: https://www.catcert.net/verarrel
            Source: RegAsm.exe, 00000002.00000002.3149227523.0000000020CF2000.00000004.00000001.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
            Source: RegAsm.exe, 00000002.00000002.3149202068.0000000020CBE000.00000004.00000001.sdmpString found in binary or memory: https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0
            Source: RegAsm.exe, 00000002.00000002.3149202068.0000000020CBE000.00000004.00000001.sdmpString found in binary or memory: https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E
            Source: RegAsm.exe, 00000002.00000002.3149202068.0000000020CBE000.00000004.00000001.sdmpString found in binary or memory: https://www.netlock.hu/docs/
            Source: RegAsm.exe, 00000002.00000002.3149202068.0000000020CBE000.00000004.00000001.sdmpString found in binary or memory: https://www.netlock.net/docs
            Source: RegAsm.exe, 00000002.00000002.3148545524.000000001E031000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49166
            Source: unknown | Network traffic detected: HTTP traffic on port 49166 -> 443
            Source: unknown | HTTPS traffic detected: 216.58.214.225:443 -> 192.168.2.22:49166 version: TLS 1.2

            System Summary:

            Source: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe | Process Stats: CPU usage > 98%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process Stats: CPU usage > 98%
            Source: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe | Memory allocated: 76E20000 page execute and read and write
            Source: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe | Memory allocated: 76D20000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Memory allocated: 76E20000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Memory allocated: 76D20000 page execute and read and write
            Source: Zapytanie ofertowe (THERMAR 04152021).exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000000.2063507468.000000000041A000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameGALDEBR.exe vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954783486.0000000003647000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamefwcfg.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954783486.0000000003647000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameqwave.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954783486.0000000003647000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameumrdp.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameehres.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWMPSideShowGadgetj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameonex.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemsvfw32.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamethumbcache.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamelocalsec.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameUI0Detect.exe.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWLANGPUI.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameMSV1_0.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamehotplug.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameSTI.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemmcss.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewuaueng.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameOLE32.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamew32time.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameslui.exe.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameUSERCPL.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenametaskschd.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWMDM.dll.muiZ vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamebthci.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameMSHTMLER.DLL.MUID vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenapdsnap.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameREGSVC.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamesbdropj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamebrserid.sys.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamecomdlg32.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameSXS.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamedps.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWMPNSCFG.EXE.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamesdclt.exe.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWEBCHECK.DLL.MUID vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameAuxiliaryDisplayCpl.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameMBLCTR.EXE.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameEFSADU.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWPDMTPDR.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameNetworkItemFactory.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameMSCTF.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameaudiodev.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameaelupsvc.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamejscript.dll.muiH vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamegpedit.dll.muij% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameMSOERES.DLL.MUIj% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2952786096.0000000000588000.00000004.00000040.sdmp Binary or memory string: OriginalFilenameGALDEBR.exeFE2X vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2952433246.00000000001F0000.00000008.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2952513411.0000000000314000.00000004.00000020.sdmp Binary or memory string: OriginalFilenameRegAsm.exeT vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe Binary or memory string: OriginalFilenameGALDEBR.exe vs Zapytanie ofertowe (THERMAR 04152021).exe
            Source: Zapytanie ofertowe (THERMAR 04152021).exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: Zapytanie ofertowe (THERMAR 04152021).exe, 00000000.00000002.2954465812.0000000003460000.00000002.00000001.sdmp Binary or memory string: .VBPud<_
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/1@7/2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KTDIPTU6.txt
            Source: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe File created: C:\Users\user\AppData\Local\Temp\~DF0A81196D88116507.TMP
            Source: Zapytanie ofertowe (THERMAR 04152021).exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: Zapytanie ofertowe (THERMAR 04152021).exe Virustotal: Detection: 16%
            Source: Zapytanie ofertowe (THERMAR 04152021).exe ReversingLabs: Detection: 14%
            Source: unknown Process created: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe 'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
            Source: C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

            Data Obfuscation:
