Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe

'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'

Details

Is windows:	false
Is dropped:	false
PID:	2404
Target ID:	0
Parent PID:	2944
Name:	Zapytanie ofertowe (THERMAR 04152021).exe
Path:	C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Size:	118784
MD5:	DB9C85FD056D349B140E717463F96AF7
Time:	17:54:29
Date:	15/04/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	122880
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains an invalid checksum	Data Obfuscation
PE file contains strange resources	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'

Details

Is windows:	true
Is dropped:	false
PID:	2028
Target ID:	2
Parent PID:	2404
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Size:	64672
MD5:	ADF76F395D5A0ECBBF005390B73C3FD2
Time:	18:00:49
Date:	15/04/2021
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xe90000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Sigma detected: RegAsm connects to smtp port	System Summary
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected GuLoader	Data Obfuscation
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

URLs

Name

Malicious

https://H59hPIoLS2g1MK.net

http://127.0.0.1:HTTP/1.1

unknown

http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0

unknown

http://www.a-cert.at0E

unknown

http://www.certplus.com/CRL/class3.crl0

unknown

http://www.e-me.lv/repository0

unknown

http://www.acabogacia.org/doc0

unknown

http://crl.chambersign.org/chambersroot.crl0

unknown

http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0

unknown

http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0

unknown

http://www.certifikat.dk/repository0

unknown

http://www.chambersign.org1

unknown

http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0

unknown

https://doc-00-74-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/1c5gv62u

unknown

http://www.diginotar.nl/cps/pkioverheid0

unknown

http://www.pkioverheid.nl/policies/root-policy0

unknown

http://repository.swisssign.com/0

unknown

http://crl.ssc.lt/root-c/cacrl.crl0

unknown

https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0

unknown

http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl

unknown

http://ca.disig.sk/ca/crl/ca_disig.crl0

unknown

http://repository.infonotary.com/cps/qcps.html0$

unknown

http://www.post.trust.ie/reposit/cps.html0

unknown

http://www.certplus.com/CRL/class2.crl0

unknown

http://www.disig.sk/ca/crl/ca_disig.crl0

unknown

http://crl.pki.goog/GTS1O1core.crl0

unknown

http://ocsp.infonotary.com/responder.cgi0V

unknown

http://www.sk.ee/cps/0

unknown

http://www.certicamara.com0

unknown

http://www.globaltrust.info0=

unknown

https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E

unknown

http://servername/isapibackend.dll

unknown

http://www.ssc.lt/cps03

unknown

http://www.windows.com/pctv.

unknown

http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0=

unknown

http://ocsp.pki.gva.es0

unknown

http://crl.oces.certifikat.dk/oces.crl0

unknown

https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

unknown

http://crl.ssc.lt/root-b/cacrl.crl0

unknown

http://www.certicamara.com/dpc/0Z

unknown

http://crl.pki.wellsfargo.com/wsprca.crl0

unknown

http://www.dnie.es/dpc0

unknown

http://www.rootca.or.kr/rca/cps.html0

unknown

http://pki.goog/gsr2/GTS1O1.crt0

unknown

http://www.trustcenter.de/guidelines0

unknown

http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0

unknown

http://windowsmedia.com/redir/services.asp?WMPFriendly=true

unknown

http://www.globaltrust.info0

unknown

https://pki.goog/repository/0

unknown

http://certificates.starfieldtech.com/repository/1604

unknown

http://www.certplus.com/CRL/class3TS.crl0

unknown

http://www.entrust.net/CRL/Client1.crl0

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.

unknown

https://www.catcert.net/verarrel

unknown

http://www.disig.sk/ca0f

unknown

http://www.e-szigno.hu/RootCA.crl

unknown

http://www.signatur.rtr.at/current.crl0

unknown

http://www.sk.ee/juur/crl/0

unknown

http://crl.chambersign.org/chambersignroot.crl0

unknown

http://crl.xrampsecurity.com/XGCA.crl0

unknown

http://crl.ssc.lt/root-a/cacrl.crl0

unknown

http://mail.aepa.ws

unknown

http://www.trustdst.com/certificates/policy/ACES-index.html0

unknown

http://www.firmaprofesional.com0

unknown

http://crl.pki.goog/gsr2/gsr2.crl0?

unknown

https://www.netlock.net/docs

unknown

http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl

unknown

https://doc-00-74-docs.googleusercontent.com/tG

unknown

http://crl.entrust.net/2048ca.crl0

unknown

http://aepa.ws

unknown

http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0

unknown

http://cps.chambersign.org/cps/publicnotaryroot.html0

unknown

http://www.e-trust.be/CPS/QNcerts

unknown

http://www.certicamara.com/certicamaraca.crl0

unknown

http://www.msnbc.com/news/ticker.txt

unknown

http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0

unknown

http://fedir.comsign.co.il/crl/ComSignCA.crl0

unknown

http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0

unknown

http://ocsp.entrust.net03

unknown

http://cps.chambersign.org/cps/chambersroot.html0

unknown

http://www.acabogacia.org0

unknown

https://ca.sia.it/seccli/repository/CPS0

unknown

http://crl.securetrust.com/SGCA.crl0

unknown

http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0

unknown

http://crl.securetrust.com/STCA.crl0

unknown

http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0

unknown

http://www.icra.org/vocabulary/.

unknown

https://H59hPIoLS2g1MK.netLX

unknown

http://www.certicamara.com/certicamaraca.crl0;

unknown

http://www.e-szigno.hu/RootCA.crt0

unknown

http://www.quovadisglobal.com/cps0

unknown

http://investor.msn.com/

unknown

http://www.valicert.com/1

unknown

http://www.e-szigno.hu/SZSZ/0

unknown

http://www.%s.comPA

unknown

http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0

unknown

http://ocsp.entrust.net0D

unknown

http://cps.chambersign.org/cps/chambersignroot.html0

unknown

http://ca.sia.it/secsrv/repository/CRL.der0J

unknown

http://investor.msn.com

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

aepa.ws

185.127.128.20

Details

Name:	aepa.ws
IP:	185.127.128.20
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Sigma detected: RegAsm connects to smtp port	System Summary
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses SMTP (mail sending)	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

mail.aepa.ws

unknown

googlehosted.l.googleusercontent.com

216.58.214.225

Details

Name:	googlehosted.l.googleusercontent.com
IP:	216.58.214.225
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

doc-00-74-docs.googleusercontent.com

unknown

Details

Name:	doc-00-74-docs.googleusercontent.com
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.127.128.20

aepa.ws

Spain

Details

IP:	185.127.128.20
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	Spain
Countrycode:	ESP
ASN number:	13287
ASN name:	NIXVALIP-ASNIXVALDatacenterES
Private:	false
Domain:	aepa.ws

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: RegAsm connects to smtp port	System Summary
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses SMTP (mail sending)	Networking	Application Layer Protocol

216.58.214.225

googlehosted.l.googleusercontent.com

United States

Details

IP:	216.58.214.225
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	googlehosted.l.googleusercontent.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

SavedLegacySettings

Details

TargetID:	2
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Value name:	SavedLegacySettings
Value data:	46 00 00 00 1B 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Blob

Details

TargetID:	2
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Value name:	Blob
Value data:	0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Blob

Details

TargetID:	2
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Value name:	Blob
Value data:	0F 00 00 00 01 00 00 00 14 00 00 00 1C D3 02 B3 38 E3 9E D8 74 2D 9E 44 77 3E 99 CA 1D F4 7A 4B 03 00 00 00 01 00 00 00 14 00 00 00 12 89 1D F7 B0 48 CD 69 D0 19 6C 8A D7 A7 54 C8 A8 12 A0 8C 20 00 00 00 01 00 00 00 01 02 00 00 30 82 01 FD 30 82 01 6A A0 03 02 01 02 02 10 BA 57 1C A8 6D E3 A3 A0 49 07 F7 A4 25 79 FE 98 30 09 06 05 2B 0E 03 02 1D 05 00 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 30 1E 17 0D 31 32 30 34 32 32 31 39 34 34 32 30 5A 17 0D 33 39 31 32 33 31 32 33 35 39 35 39 5A 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 EF 27 70 79 3F 24 C2 AD E1 0F E0 6D 2E 8E 79 0D 09 2C A9 03 B5 9A 2C E3 56 E7 4E DC 66 00 FF AD FB 58 01 76 A2 01 B7 36 2B 5D 15 97 A1 C3 9C 14 8F 36 92 72 6A 92 15 FD 49 7C 9F AD FC 9F 3F F7 D2 70 99 EA F2 1B 4D 3B EB 12 32 61 95 12 A6 82 36 C1 FE C1 07 D1 67 C8 02 80 44 BE 38 8E AD C1 FF A5 9D 8F 56 CD 16 50 5F 93 A5 85 CA DB 59 02 C5 E1 03 E5 83 0E 67 4C A3 27 A4 BE AC 83 4C C5 02 03 01 00 01 A3 4E 30 4C 30 4A 06 03 55 1D 01 04 43 30 41 80 10 09 99 39 F8 0E 7B EB 5C 38 4B 84 2A 74 84 11 CF A1 1B 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 82 10 BA 57 1C A8 6D E3 A3 A0 49 07 F7 A4 25 79 FE 98 30 09 06 05 2B 0E 03 02 1D 05 00 03 81 81 00 06 2A 9E DF 91 46 90 A4 39 7C 72 7F 3F 9D 37 84 1A 4E 75 97 0D 6A C9 EA 64 2E C9 30 A5 56 5D A9 F4 8F 35 E3 E7 D3 05 C3 6E 40 A7 DC BE 00 61 E4 2B FE CC C9 B3 3B 92 C3 86 8F 65 A6 0E 01 C8 B4 BD 2C 71 0C 5F 6B 95 B1 0B 1C DC BC A4 FE 84 5E 9A 8C 03 53 AC 45 13 CE BC 64 B7 A2 9D 3B 9E E3 14 F2 73 E9 6A D7 09 06 44 AA D6 E5 50 F9 9C 49 11 DE 3A DC 72 B9 CE CB 57 0C 94 73 74 0A 36 F5

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Blob

Details

TargetID:	2
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Value name:	Blob
Value data:	14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Blob

Details

TargetID:	2
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Value name:	Blob
Value data:	14 00 00 00 01 00 00 00 14 00 00 00 4A 12 D5 38 76 2C 75 F9 13 49 AE 2A F7 AC F9 D3 88 97 D7 D3 03 00 00 00 01 00 00 00 14 00 00 00 12 89 1D F7 B0 48 CD 69 D0 19 6C 8A D7 A7 54 C8 A8 12 A0 8C 0F 00 00 00 01 00 00 00 14 00 00 00 1C D3 02 B3 38 E3 9E D8 74 2D 9E 44 77 3E 99 CA 1D F4 7A 4B 20 00 00 00 01 00 00 00 01 02 00 00 30 82 01 FD 30 82 01 6A A0 03 02 01 02 02 10 BA 57 1C A8 6D E3 A3 A0 49 07 F7 A4 25 79 FE 98 30 09 06 05 2B 0E 03 02 1D 05 00 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 30 1E 17 0D 31 32 30 34 32 32 31 39 34 34 32 30 5A 17 0D 33 39 31 32 33 31 32 33 35 39 35 39 5A 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 EF 27 70 79 3F 24 C2 AD E1 0F E0 6D 2E 8E 79 0D 09 2C A9 03 B5 9A 2C E3 56 E7 4E DC 66 00 FF AD FB 58 01 76 A2 01 B7 36 2B 5D 15 97 A1 C3 9C 14 8F 36 92 72 6A 92 15 FD 49 7C 9F AD FC 9F 3F F7 D2 70 99 EA F2 1B 4D 3B EB 12 32 61 95 12 A6 82 36 C1 FE C1 07 D1 67 C8 02 80 44 BE 38 8E AD C1 FF A5 9D 8F 56 CD 16 50 5F 93 A5 85 CA DB 59 02 C5 E1 03 E5 83 0E 67 4C A3 27 A4 BE AC 83 4C C5 02 03 01 00 01 A3 4E 30 4C 30 4A 06 03 55 1D 01 04 43 30 41 80 10 09 99 39 F8 0E 7B EB 5C 38 4B 84 2A 74 84 11 CF A1 1B 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 82 10 BA 57 1C A8 6D E3 A3 A0 49 07 F7 A4 25 79 FE 98 30 09 06 05 2B 0E 03 02 1D 05 00 03 81 81 00 06 2A 9E DF 91 46 90 A4 39 7C 72 7F 3F 9D 37 84 1A 4E 75 97 0D 6A C9 EA 64 2E C9 30 A5 56 5D A9 F4 8F 35 E3 E7 D3 05 C3 6E 40 A7 DC BE 00 61 E4 2B FE CC C9 B3 3B 92 C3 86 8F 65 A6 0E 01 C8 B4 BD 2C 71 0C 5F 6B 95 B1 0B 1C DC BC A4 FE 84 5E 9A 8C 03 53 AC 45 13 CE BC 64 B7 A2 9D 3B 9E E3 14 F2 73 E9 6A D7 09 06 44 AA D6 E5 50 F9 9C 49 11 DE 3A DC 72 B9 CE CB 57 0C 94 73 74 0A 36 F5

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Blob

Details

TargetID:	2
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Value name:	Blob
Value data:	19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Blob

Details

TargetID:	2
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	'C:\Users\user\Desktop\Zapytanie ofertowe (THERMAR 04152021).exe'
Value name:	Blob
Value data:	19 00 00 00 01 00 00 00 10 00 00 00 E0 70 0A 53 E1 A0 91 CD 00 49 79 CE 14 F2 FD 90 0F 00 00 00 01 00 00 00 14 00 00 00 1C D3 02 B3 38 E3 9E D8 74 2D 9E 44 77 3E 99 CA 1D F4 7A 4B 03 00 00 00 01 00 00 00 14 00 00 00 12 89 1D F7 B0 48 CD 69 D0 19 6C 8A D7 A7 54 C8 A8 12 A0 8C 14 00 00 00 01 00 00 00 14 00 00 00 4A 12 D5 38 76 2C 75 F9 13 49 AE 2A F7 AC F9 D3 88 97 D7 D3 20 00 00 00 01 00 00 00 01 02 00 00 30 82 01 FD 30 82 01 6A A0 03 02 01 02 02 10 BA 57 1C A8 6D E3 A3 A0 49 07 F7 A4 25 79 FE 98 30 09 06 05 2B 0E 03 02 1D 05 00 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 30 1E 17 0D 31 32 30 34 32 32 31 39 34 34 32 30 5A 17 0D 33 39 31 32 33 31 32 33 35 39 35 39 5A 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 EF 27 70 79 3F 24 C2 AD E1 0F E0 6D 2E 8E 79 0D 09 2C A9 03 B5 9A 2C E3 56 E7 4E DC 66 00 FF AD FB 58 01 76 A2 01 B7 36 2B 5D 15 97 A1 C3 9C 14 8F 36 92 72 6A 92 15 FD 49 7C 9F AD FC 9F 3F F7 D2 70 99 EA F2 1B 4D 3B EB 12 32 61 95 12 A6 82 36 C1 FE C1 07 D1 67 C8 02 80 44 BE 38 8E AD C1 FF A5 9D 8F 56 CD 16 50 5F 93 A5 85 CA DB 59 02 C5 E1 03 E5 83 0E 67 4C A3 27 A4 BE AC 83 4C C5 02 03 01 00 01 A3 4E 30 4C 30 4A 06 03 55 1D 01 04 43 30 41 80 10 09 99 39 F8 0E 7B EB 5C 38 4B 84 2A 74 84 11 CF A1 1B 30 19 31 17 30 15 06 03 55 04 03 13 0E 4A 6F 65 53 65 63 75 72 69 74 79 4C 4C 43 82 10 BA 57 1C A8 6D E3 A3 A0 49 07 F7 A4 25 79 FE 98 30 09 06 05 2B 0E 03 02 1D 05 00 03 81 81 00 06 2A 9E DF 91 46 90 A4 39 7C 72 7F 3F 9D 37 84 1A 4E 75 97 0D 6A C9 EA 64 2E C9 30 A5 56 5D A9 F4 8F 35 E3 E7 D3 05 C3 6E 40 A7 DC BE 00 61 E4 2B FE CC C9 B3 3B 92 C3 86 8F 65 A6 0E 01 C8 B4 BD 2C 71 0C 5F 6B 95 B1 0B 1C DC BC A4 FE 84 5E 9A 8C 03 53 AC 45 13 CE BC 64 B7 A2 9D 3B 9E E3 14 F2 73 E9 6A D7 09 06 44 AA D6 E5 50 F9 9C 49 11 DE 3A DC 72 B9 CE CB 57 0C 94 73 74 0A 36 F5

Memdumps

Base Address

Regiontype

Protect

Malicious

302000

unkown

page execute and read and write

1E0CE000

unkown

page read and write

1E031000

unkown

page read and write

2580000

unkown

page write copy

880000

unkown

page read and write

880000

unkown

page read and write

2C0000

unkown

page read and write

1DBE0000

heap private

page read and write

1E54000

heap private

page read and write

2FD2000

unkown

page readonly

41A000

unkown image

page readonly

1DDD0000

heap private

page execute and read and write

881000

unkown

page read and write

8A5000

unkown

page read and write

6F5000

unkown

page read and write

3092000

unkown

page readonly

1D698000

unkown

page read and write

3255000

unkown

page readonly

2C5000

unkown

page read and write

BD0000

unkown

page readonly

774000

unkown

page read and write

2E0000

unkown

page read and write

2730000

unkown

page read and write

21550000

unkown

page readonly

2B30000

unkown

page readonly

2B50000

unkown

page readonly

750000

unkown

page read and write

2C0000

unkown

page read and write

6F0000

unkown

page read and write

2154E000

unkown

page read and write

6F0000

unkown

page read and write

6FB000

unkown

page read and write

2C0000

unkown

page read and write

6F5000

unkown

page read and write

7A4000

heap default

page read and write

1E11E000

unkown

page read and write

31B9000

unkown

page readonly

20CBE000

unkown

page read and write

2C5000

unkown

page read and write

1D162000

heap private

page read and write

2089E000

unkown

page read and write

5ED000

unkown

page execute and read and write

700000

unkown

page read and write

884000

unkown

page read and write

760000

unkown

page read and write

6F0000

unkown

page read and write

6F0000

unkown

page read and write

6F8000

unkown

page read and write

110000

unkown

page readonly

2C0000

unkown

page read and write

EB0000

unkown

page readonly

6F5000

unkown

page read and write

7D9000

heap default

page read and write

2C9000

unkown

page read and write

6F0000

unkown

page read and write

2C0000

unkown

page read and write

885000

unkown

page read and write

2C0000

unkown

page read and write

7E7000

heap default

page read and write

2C0000

unkown

page read and write

120000

unkown

page read and write

890000

unkown

page read and write

6F0000

unkown

page read and write

855000

heap default

page read and write

880000

unkown

page read and write

560000

heap private

page read and write

20BA0000

unkown

page read and write

1E50000

heap private

page read and write

1D65C000

unkown

page read and write

750000

unkown

page read and write

1D0000

unkown

page readonly

2C5000

unkown

page read and write

1E188000

unkown

page read and write

6F5000

unkown

page read and write

6F0000

unkown

page read and write

6F0000

unkown

page read and write

20CA0000

unkown

page read and write

3202000

unkown

page readonly

1EB0000

unkown

page read and write

940000

heap private

page execute and read and write

890000

unkown

page read and write

2D0000

unkown

page read and write

2C5000

unkown

page read and write

5F0000

unkown

page read and write

6F0000

unkown

page read and write

7BD000

heap default

page read and write

880000

unkown

page read and write

2C0000

unkown

page read and write

2E0000

unkown

page read and write

700000

unkown

page read and write

6F0000

unkown

page read and write

1DD3F000

stack

page read and write

6F5000

unkown

page read and write

700000

unkown

page read and write

1E0CC000

unkown

page read and write

700000

unkown

page read and write

1DB47000

unkown

page read and write

770000

unkown

page read and write

700000

unkown

page read and write

753000

unkown

page read and write

6F5000

unkown

page read and write

770000

unkown

page read and write

2C0000

unkown

page read and write

265F000

unkown

page read and write

1DEF0000

heap private

page read and write

3094000

unkown

page readonly

ACE000

unkown

page read and write

2C5000

unkown

page read and write

3232000

unkown

page readonly

750000

unkown

page read and write

2C5000

unkown

page read and write

700000

unkown

page read and write

2C0000

unkown

page read and write

20B9E000

unkown

page read and write | page guard

6F0000

unkown

page read and write

30B4000

unkown

page readonly

8EC000

unkown

page read and write

5C2000

heap private

page read and write

6E0000

unkown

page read and write

D93000

unkown

page read and write

BCF000

unkown

page read and write

1030000

unkown

page readonly

1DEAE000

unkown

page read and write

C8E000

unkown

page read and write

2C5000

unkown

page read and write

6F5000

unkown

page read and write

2F7000

heap default

page read and write

700000

unkown

page read and write

31F5000

unkown

page readonly

8F9000

heap private

page read and write

1D54B000

unkown

page read and write

1D6A6000

unkown

page read and write

C40000

unkown

page read and write

2C5000

unkown

page read and write

1F0000

unkown

page read and write

2C0000

unkown

page read and write

D9F000

unkown

page read and write

CDE000

unkown

page read and write

1DF12000

heap private

page read and write

2D0000

unkown

page read and write

6F5000

unkown

page read and write

760000

unkown

page read and write

2C0000

unkown

page read and write

881000

unkown

page read and write

2C0000

unkown

page read and write

3647000

unkown

page readonly

770000

unkown

page read and write

701000

unkown

page read and write

1E02E000

unkown

page read and write | page guard

1210000

unkown

page readonly

600000

heap private

page read and write

31BD000

unkown

page readonly

6F0000

unkown

page read and write

1CFCE000

unkown

page read and write | page guard

2C2000

unkown

page read and write

560000

unkown

page readonly

936000

unkown

page read and write

30D4000

unkown

page readonly

2ED2000

unkown

page readonly

2101E000

unkown

page read and write

31D2000

unkown

page readonly

6F5000

unkown

page read and write

2128E000

unkown

page read and write

880000

unkown

page read and write

20000

heap private

page read and write

6F5000

unkown

page read and write

1DBCD000

unkown

page read and write

787000

heap default

page read and write

8A0000

unkown

page read and write

2C0000

unkown

page read and write

6F0000

unkown

page read and write

59D000

unkown

page execute and read and write

DAF000

unkown

page read and write

2C0000

unkown

page read and write

6F0000

unkown

page read and write

6F5000

unkown

page read and write

269E000

unkown

page read and write

700000

unkown

page read and write

6F0000

unkown

page read and write

8A0000

unkown

page read and write

1DC0000

unkown

page read and write

2E0000

unkown

page read and write

1D692000

unkown

page read and write

1B0000

unkown

page execute read

20B9F000

unkown

page read and write

1D672000

unkown

page read and write

3460000

unkown

page readonly

6F5000

unkown

page read and write

760000

unkown

page read and write

6F5000

unkown

page read and write

700000

unkown

page read and write

31A5000

unkown

page readonly

3156000

unkown

page readonly

2F0000

heap default

page read and write

30D2000

unkown

page readonly

700000

unkown

page read and write

2C0000

unkown

page read and write

5A0000

heap private

page read and write

770000

unkown

page read and write

3440000

unkown

page readonly

608000

heap private

page read and write

6F0000

unkown

page read and write

200000

unkown

page write copy

1E0000

unkown

page read and write

170000

unkown

page readonly

7B8000

heap default

page read and write

750000

unkown

page read and write

6F0000

unkown

page read and write

401000

unkown image

page execute read

6F0000

unkown

page read and write

2E0000

unkown

page execute and read and write

2C0000

unkown

page read and write

1E11B000

unkown

page read and write

705000

unkown

page read and write

770000

unkown

page read and write

1D34D000

unkown

page read and write

880000

unkown

page read and write

2A00000

unkown

page read and write

890000

unkown

page execute and read and write

1D73D000

unkown

page read and write

26F4000

heap private

page read and write

700000

unkown

page read and write

3186000

unkown

page readonly

7EFDF000

unkown

page read and write

400000

unkown image

page readonly

2D0000

unkown

page readonly

1DB3F000

stack

page read and write

205D0000

unkown

page read and write

3126000

unkown

page readonly

2C2000

unkown

page read and write

700000

unkown

page read and write

700000

unkown

page read and write

6F5000

unkown

page read and write

6F0000

unkown

page read and write

2C0000

unkown

page read and write

2C0000

unkown

page read and write

2C0000

unkown

page read and write

700000

unkown

page read and write

20D32000

unkown

page read and write

1D190000

unkown

page read and write

1D0DD000

unkown

page read and write

5A4000

heap private

page read and write

20120000

heap private

page execute and read and write

D8D000

unkown

page read and write

2F0000

unkown

page read and write

180000

unkown

page execute and read and write

8A1000

unkown

page read and write

2C0000

unkown

page readonly

202EE000

unkown

page read and write

890000

unkown

page read and write

56A000

heap private

page read and write

880000

unkown

page read and write

1CB00000

unkown

page readonly

2E0000

unkown

page read and write

6F5000

unkown

page read and write

1E58000

heap private

page read and write

890000

unkown

page read and write

1D40E000

unkown

page read and write

617000

unkown

page execute and read and write

1CE0000

unkown

page readonly

700000

unkown

page read and write

2C5000

unkown

page read and write

6F0000

unkown

page read and write

1DA3F000

stack

page read and write

A4D000

unkown

page read and write

588000

heap private

page read and write

2C5000

unkown

page read and write

DB4000

unkown

page read and write

2C0000

unkown

page read and write

6F0000

unkown

page read and write

6F0000

unkown

page read and write

1D3C0000

heap private

page read and write

1DEF5000

heap private

page read and write

5E0000

unkown

page read and write

770000

unkown

page read and write

2C0000

unkown

page read and write

3239000

unkown

page readonly

2C0000

unkown

page read and write

8A0000

unkown

page read and write

26F0000

heap private

page read and write

2C5000

unkown

page read and write

740000

unkown

page readonly

6F0000

unkown

page read and write

2ED8000

unkown

page readonly

930000

unkown

page read and write

2D0000

unkown

page read and write

2C5000

unkown

page read and write

30B2000

unkown

page readonly

1DC3F000

stack

page read and write

261F000

unkown

page read and write

750000

unkown

page read and write

2C0000

unkown

page read and write

1D650000

unkown

page read and write

1DC6D000

unkown

page read and write

1D660000

unkown

page read and write

41A000

unkown image

page readonly

1DCB0000

heap private

page read and write

2C0000

unkown

page read and write

61B000

unkown

page execute and read and write

490000

unkown

page read and write

6C0000

unkown

page read and write

5FA000

unkown

page execute and read and write

890000

unkown

page read and write

6F5000

unkown

page read and write

930000

unkown

page read and write

3225000

unkown

page readonly

869000

heap default

page read and write

31D9000

unkown

page readonly

1D85F000

unkown

page read and write

3175000

unkown

page readonly

612000

unkown

page read and write

615000

unkown

page execute and read and write

6F8000

unkown

page read and write

700000

unkown

page read and write

1E16A000

unkown

page read and write

75B000

unkown

page read and write

580000

unkown

page read and write

1E0000

unkown

page readonly

9CE000

unkown

page read and write

630000

heap default

page read and write

6F0000

unkown

page execute and read and write

22B0000

unkown

page readonly

2712000

heap private

page read and write

A8E000

unkown

page read and write

1E160000

unkown

page read and write

8F0000

heap private

page read and write

5B0000

heap private

page read and write

20D04000

unkown

page read and write

6F0000

unkown

page read and write

74E000

unkown

page read and write

213BE000

unkown

page read and write

5C0000

unkown

page readonly

700000

unkown

page readonly

D6E000

unkown

page read and write

400000

unkown image

page readonly

3102000

unkown

page readonly

6F5000

unkown

page read and write

1A0000

unkown

page read and write

1F0000

unkown

page write copy

6F0000

unkown

page read and write

3162000

unkown

page readonly

880000

unkown

page read and write

210000

heap default

page read and write

3209000

unkown

page readonly

2C0000

unkown

page read and write

2C0000

unkown

page read and write

750000

unkown

page read and write

418000

unkown image

page read and write

6F5000

unkown

page read and write

2C0000

unkown

page read and write

1E0B4000

unkown

page read and write

1E162000

unkown

page read and write

2C0000

unkown

page read and write

700000

unkown

page read and write

209AC000

unkown

page read and write

1F0000

unkown

page read and write

2C0000

unkown

page read and write

20CF2000

unkown

page read and write

2D0000

unkown

page read and write

760000

unkown

page read and write

2C5000

unkown

page read and write

2C0000

unkown

page read and write

18C000

stack

page read and write

2C0000

unkown

page read and write

2C0000

unkown

page read and write

1E194000

unkown

page read and write

3115000

unkown

page readonly

780000

heap default

page read and write

880000

unkown

page read and write

890000

unkown

page read and write

314000

heap default

page read and write

1D150000

heap private

page read and write

1E18C000

unkown

page read and write

6F0000

unkown

page read and write

1F031000

unkown

page read and write

2C5000

unkown

page read and write

770000

unkown

page read and write

420000

unkown

page readonly

6F5000

unkown

page read and write

6F5000

unkown

page read and write

6D0000

unkown

page execute and read and write

1070000

heap private

page read and write

21120000

unkown

page read and write

6F5000

unkown

page read and write

3400000

unkown

page readonly

750000

unkown

page read and write

6F5000

unkown

page read and write

1D71B000

unkown

page read and write

770000

unkown

page read and write

2C2000

unkown

page read and write

89000

unkown

page read and write

6F5000

unkown

page read and write

1D6F9000

unkown

page read and write

917000

heap private

page read and write

2D0000

unkown

page read and write

5F2000

unkown

page read and write

6F0000

unkown

page read and write

158000

heap private

page read and write

2C0000

unkown

page read and write

930000

unkown

page read and write

1E5B000

heap private

page read and write

7EFDF000

unkown

page read and write

6F0000

unkown

page read and write

594000

unkown

page read and write

6F0000

unkown

page read and write

3420000

unkown

page readonly

1E17B000

unkown

page read and write

202F0000

unkown

page readonly

9D0000

heap private

page read and write

33C2000

unkown

page readonly

2A0000

unkown

page readonly

190000

unkown

page readonly

1F0000

unkown

page read and write

77A000

unkown

page read and write

880000

unkown

page read and write

6F5000

unkown

page read and write

2610000

unkown

page readonly

930000

unkown

page read and write

700000

unkown

page read and write

1EA0000

heap private

page read and write

400000

unkown image

page readonly

3132000

unkown

page readonly

26DF000

unkown

page read and write

530000

heap private

page read and write

8A0000

unkown

page read and write

750000

unkown

page readonly

1076000

heap private

page read and write

401000

unkown image

page execute read

2F0000

unkown

page read and write

D70000

unkown

page read and write

593000

unkown

page execute and read and write

700000

unkown

page read and write

6F0000

unkown

page read and write

1CF6D000

unkown

page read and write

20000

unkown

page read and write

6F5000

unkown

page read and write

200000

unkown

page readonly

2C0000

unkown

page read and write

760000

unkown

page read and write

890000

unkown

page read and write

1D743000

unkown

page read and write

90000

unkown

page readonly

6F0000

unkown

page read and write

5F6000

unkown

page execute and read and write

1E02F000

unkown

page read and write

2E0000

unkown

page read and write

150000

heap private

page read and write

1D6EE000

unkown

page read and write

3192000

unkown

page readonly

8A0000

unkown

page read and write

980000

unkown

page read and write

1DCF0000

unkown

page readonly

6F0000

unkown

page read and write

830000

heap default

page read and write

1CFCF000

unkown

page read and write

31B6000

unkown

page readonly

700000

unkown

page read and write

6F5000

unkown

page read and write

3145000

unkown

page readonly

890000

unkown

page read and write

880000

unkown

page read and write

There are 451 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps