IOCReport

loading gif

Files

File Path
Type
Category
Malicious
Zapytanie ofertowe (THERMAR 04152021).exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KTDIPTU6.txt
ASCII text
downloaded
clean

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe
'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
malicious

URLs

Name
IP
Malicious
https://H59hPIoLS2g1MK.net
malicious
http://127.0.0.1:HTTP/1.1
unknown
clean
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
unknown
clean
http://www.a-cert.at0E
unknown
clean
http://www.certplus.com/CRL/class3.crl0
unknown
clean
http://www.e-me.lv/repository0
unknown
clean
http://www.acabogacia.org/doc0
unknown
clean
http://crl.chambersign.org/chambersroot.crl0
unknown
clean
http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0
unknown
clean
http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0
unknown
clean
http://www.certifikat.dk/repository0
unknown
clean
http://www.chambersign.org1
unknown
clean
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
clean
https://doc-00-74-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/1c5gv62u
unknown
clean
http://www.diginotar.nl/cps/pkioverheid0
unknown
clean
http://www.pkioverheid.nl/policies/root-policy0
unknown
clean
http://repository.swisssign.com/0
unknown
clean
http://crl.ssc.lt/root-c/cacrl.crl0
unknown
clean
https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0
unknown
clean
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
unknown
clean
http://ca.disig.sk/ca/crl/ca_disig.crl0
unknown
clean
http://repository.infonotary.com/cps/qcps.html0$
unknown
clean
http://www.post.trust.ie/reposit/cps.html0
unknown
clean
http://www.certplus.com/CRL/class2.crl0
unknown
clean
http://www.disig.sk/ca/crl/ca_disig.crl0
unknown
clean
http://crl.pki.goog/GTS1O1core.crl0
unknown
clean
http://ocsp.infonotary.com/responder.cgi0V
unknown
clean
http://www.sk.ee/cps/0
unknown
clean
http://www.certicamara.com0
unknown
clean
http://www.globaltrust.info0=
unknown
clean
https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E
unknown
clean
http://servername/isapibackend.dll
unknown
clean
http://www.ssc.lt/cps03
unknown
clean
http://www.windows.com/pctv.
unknown
clean
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0=
unknown
clean
http://ocsp.pki.gva.es0
unknown
clean
http://crl.oces.certifikat.dk/oces.crl0
unknown
clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
unknown
clean
http://crl.ssc.lt/root-b/cacrl.crl0
unknown
clean
http://www.certicamara.com/dpc/0Z
unknown
clean
http://crl.pki.wellsfargo.com/wsprca.crl0
unknown
clean
http://www.dnie.es/dpc0
unknown
clean
http://www.rootca.or.kr/rca/cps.html0
unknown
clean
http://pki.goog/gsr2/GTS1O1.crt0
unknown
clean
http://www.trustcenter.de/guidelines0
unknown
clean
http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0
unknown
clean
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
unknown
clean
http://www.globaltrust.info0
unknown
clean
https://pki.goog/repository/0
unknown
clean
http://certificates.starfieldtech.com/repository/1604
unknown
clean
http://www.certplus.com/CRL/class3TS.crl0
unknown
clean
http://www.entrust.net/CRL/Client1.crl0
unknown
clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
unknown
clean
https://www.catcert.net/verarrel
unknown
clean
http://www.disig.sk/ca0f
unknown
clean
http://www.e-szigno.hu/RootCA.crl
unknown
clean
http://www.signatur.rtr.at/current.crl0
unknown
clean
http://www.sk.ee/juur/crl/0
unknown
clean
http://crl.chambersign.org/chambersignroot.crl0
unknown
clean
http://crl.xrampsecurity.com/XGCA.crl0
unknown
clean
http://crl.ssc.lt/root-a/cacrl.crl0
unknown
clean
http://mail.aepa.ws
unknown
clean
http://www.trustdst.com/certificates/policy/ACES-index.html0
unknown
clean
http://www.firmaprofesional.com0
unknown
clean
http://crl.pki.goog/gsr2/gsr2.crl0?
unknown
clean
https://www.netlock.net/docs
unknown
clean
http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl
unknown
clean
https://doc-00-74-docs.googleusercontent.com/tG
unknown
clean
http://crl.entrust.net/2048ca.crl0
unknown
clean
http://aepa.ws
unknown
clean
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
unknown
clean
http://cps.chambersign.org/cps/publicnotaryroot.html0
unknown
clean
http://www.e-trust.be/CPS/QNcerts
unknown
clean
http://www.certicamara.com/certicamaraca.crl0
unknown
clean
http://www.msnbc.com/news/ticker.txt
unknown
clean
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
unknown
clean
http://fedir.comsign.co.il/crl/ComSignCA.crl0
unknown
clean
http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0
unknown
clean
http://ocsp.entrust.net03
unknown
clean
http://cps.chambersign.org/cps/chambersroot.html0
unknown
clean
http://www.acabogacia.org0
unknown
clean
https://ca.sia.it/seccli/repository/CPS0
unknown
clean
http://crl.securetrust.com/SGCA.crl0
unknown
clean
http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
unknown
clean